Phishing email highlights divide between N.L. health authority, employees, expert says
Phishing email highlights divide between N.L. health authority, employees, expert says
Publish Date: 2026-06-18 17:32:00
Source Domain: www.cbc.ca
Listen to this article
Estimated 5 minutes
The audio version of this article is generated by AI-based technology. Mispronunciations can occur. We are working with our partners to continually review and improve the results.
A human resources expert says a visceral response to a cybersecurity test email that falsely promised all employees a paid day off highlights the divide between Newfoundland and Labrador Health Services and its strained workforce.
“If people in the organization already felt their contributions were valued, and that the organization cared about their well-being, then they wouldn’t have had this reaction to the scam which kind of tricked them into clicking it,” Catherine Connolly, a professor of organizational behaviour at McMaster University, told CBC News Thursday.
A copy of the email obtained by CBC News — with the title June Holiday — said N.L. Health Services wanted to recognize the work of employees during the implementation of the CorCare digital health information system, and that employees could register for a day off by clicking a link.
It was what’s known as a phishing email, and this one was the employer actually testing its employees and their cybersecurity knowledge.
Unions representing health-care employees said the exercise was in poor taste and called for accountability.
CorCare was touted as a tool to streamline digital health records in Newfoundland and Labrador. The program is expected to cost $600 million over the next decade.
NLHS has apologized for sending out a phishing email that promised health-care workers a paid day off. (NLHS)
Good phish, bad phish
In the hands of scammers or illegitimate operators, phishing emails are designed to manipulate victims into divulging sensitive information like passwords or user data using social engineering — deceptive messages from seemingly reputable sources.
Within organizations like health-care, phishing tests are simulated cyberattacks to teach people how to spot tactics that could open…
