Healthcare Workers Misled by Phishing Test Posing as Paid Day Off

In Newfoundland and Labrador, Canada, healthcare workers received a phishing email promising a paid day off, which was actually a cybersecurity test. The email, framed as recognition for their hard work during the rollout of the CorCare system, was sent from an external domain. Union leaders condemned the test as 'cruel' and 'insensitive,' especially given the ongoing burnout and staffing shortages in the sector. The phishing simulation aimed to assess employees' vulnerability to social engineering attacks but backfired, leading to widespread anger among staff. Reports indicate that at least one employee resigned due to the incident. The interim CEO of Newfoundland and Labrador Health Services apologized for the inappropriate approach and promised a review of future awareness exercises. The incident highlights the delicate balance required in cybersecurity training, particularly in sensitive environments like healthcare.

Key Points: • A phishing test disguised as a paid day off angered healthcare workers in Newfoundland and Labrador. • The email was sent from an external domain and falsely promised recognition for hard work. • Union leaders called the test 'cruel' and 'insensitive' amid ongoing staff burnout.