Thousands of healthcare workers in Newfoundland and Labrador received a phishing email promising a paid day off that was actually a cybersecurity test [1].
The incident highlights the tension between critical infrastructure security needs and the morale of a strained healthcare workforce. As medical facilities increasingly rely on digital records, the risk of ransomware makes employee vigilance a priority for health authorities.
The email was sent this month as part of a simulated phishing attack [1]. The goal of the exercise was to raise cybersecurity awareness among staff by mimicking the tactics used by real hackers [2, 3]. By offering an enticing reward, a paid day off, the health authority sought to identify how many employees would click on suspicious links or provide sensitive information.
Once the test was complete, the health authority revealed that the promise of a day off was not genuine. The revelation caused significant upset among the staff who had believed the offer [3]. Workers said the simulation used a high-value incentive during a period of professional stress.
The health authority used the exercise to gather data on vulnerability levels within the organization [2]. While the simulation was designed to protect the network from actual breaches, the method of delivery created a divide between the administration and the frontline employees [2].
Cybersecurity experts said that phishing simulations are common in corporate and government environments to prevent data leaks. However, the choice of the "bait" can impact how employees perceive the trust between themselves and their employers [2].
This incident illustrates the precarious balance between technical security and human resources in public health. While simulated attacks are a standard industry practice to harden defenses against cybercrime, using high-stakes emotional lures like paid leave can erode trust in management. This suggests that future cybersecurity training in the healthcare sector may require more transparent communication to avoid damaging employee morale.



