RSS

Health board apologizes for phishing staff with with bogus vacation day

Bender1 pts0 comments

Canadian health board sorry after ‘tasteless’ phishing test

Jump to main content

Search

REG AD

Security

Health board apologizes for phishing staff with with bogus vacation day

IT thought a fake offer of extra time off for hard-pressed Canadian medical workers was the way to go

Connor Jones

Connor<br>Jones

Cybersecurity reporter

Published<br>mon 22 Jun 2026 // 12:27 UTC

A Canadian healthcare organization has apologized after its IT team carried out a phishing test falsely offering staff an additional paid day off work.<br>Newfoundland and Labrador Health Services said the phishing test was sent to employees and physicians, acknowledging the theme was inappropriate.<br>"We acknowledge the approach taken in this particular exercise was not appropriate, and we sincerely apologize to employees, physicians, and union representatives," said Ron Johnson, interim CEO at NL Health Services.

REG AD

"We value the feedback and are reviewing how future awareness exercises are developed and communicated. It is important they reflect employee and physician perspectives, as well as our organizational values, to foster a respectful and supportive workplace culture."

REG AD

The test came during an already fractious period for healthcare staff, who had recently worked long hours to launch the new software system CorCare across the organization.<br>NL Health Services referenced CorCare in the test email, thanking staff for their hard work on the launch. The email contained a button to click to redeem an additional paid vacation day, but clicking the button resulted in a fail mark.<br>The Registered Nurses Union (RNU) in Newfoundland and Labrador said the test was especially insensitive since nurses and other healthcare professionals were already struggling to secure paid time off.<br>Burnout and staffing shortages are rife in the healthcare sector – two factors referenced by RNU president Yvette Coffey in her response to the news.<br>"Yes, we have heard concerns from members about this, and frankly, I understand why they are upset," she said.<br>"Nurses and other healthcare professionals have worked through enormous pressure over the last number of years, including ongoing staffing shortages, burnout, organizational restructuring, and the challenges connected to the rollout of CorCare. To use the promise of an additional paid day off as the hook for a phishing exercise was in very poor taste."

MORE CONTEXT

Google guru roasts useless phishing tests, calls for fire drill-style overhaul

1 in 5 Michigan state staffers fail phishing test but that's OK apparently

PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data

NHS disability equipment provider on brink of collapse a year after cyberattack

Coffey added: "Cybersecurity education is important, but it needs to be done with judgment and respect. There are many ways to test phishing awareness without exploiting the very real stress, fatigue, and frustration healthcare workers are experiencing."<br>Johnson told reporters at a press conference that the test "missed a mark," and promised to investigate how it was allowed to be sent.

REG AD

"What happened here, obviously, is that all the lenses that were required to review the scenario weren't placed on it," he said. "It's not reflective of how we value our employees."<br>With cybersecurity awareness being incredibly important in critical infrastructure organizations, some IT experts would argue that these kinds of tests are valuable.<br>Cyberattacks on hospitals and healthcare facilities can lead to devastating consequences, including vital procedures being canceled, service downtime, and in the rarest cases, death.<br>However, as others have previously pointed out, there isn't much evidence linking fire-drill-style tests to improvements in organizational security. ®

healthcare<br>security<br>phishing

REG AD

databases

Microsoft Access finally breaks free of its 22-inch form limit

CRT-era restriction dragged into the widescreen age after 34 years

DEVOPS

AWS debuts Lambda MicroVMs with up to 8 hours runtime

Suitable for running untrusted code, AI agents, or any long-running task

ZTE and China Telecom Guangdong advance cross‑vendor IP network simulation pilots, paving the way for intelligent network operations

PARTNER CONTENT: Leveraging >95% digital twin fidelity and multi-vendor collaboration to eliminate network change risks and achieve zero-error O&M

software

Blast from the past as GIMP 0.54 is revived in Flatpak form

Retro-computing fun for the nostalgic with first (and last) release to use Motif instead of GTK

Virtualization

Lessons from the VMwars – nothing virtual about the Broadcom vs Tesco slugfest

Never get involved in a land war in Asia. Also, don't pick a contract fight with a monster of the art

personal tech

Brits still reckon Big Tech isn't paying enough tax

Poll finds two-thirds support squeeze on Silicon Valley despite US pressure

MOST...

phishing test healthcare health staff said

Related Articles

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

US Government directive to suspend access to Fable 5 and Mythos 5

Dylan131224 ptsfable government anthropic jailbreak access mythos

Is AI ruining our skills? Early results are in – and they're not good

Michelangelo1124 ptstools skills during physicians colonoscopies tool

The Anatomy of an AI-Native Org

kiyanwang22 ptstranslated managers business translation language engineering

Apertus – Open Foundation Model for Sovereign AI

T-A16 ptsopen model apertus foundation sovereign fully
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.