Newfoundland and Labrador Health Services has apologized after its IT department conducted a phishing test that falsely offered employees an additional paid day off. The test, which targeted employees and physicians, was deemed inappropriate given the current pressures faced by healthcare staff, as reported by The Register.The phishing test email, sent during a period of intense work for healthcare professionals implementing the new CorCare software system, contained a button to claim an extra paid vacation day. Clicking the button resulted in a "fail" mark, leading to significant backlash. The Registered Nurses Union criticized the test as particularly insensitive, noting that nurses and other healthcare workers are already struggling to secure paid time off due to burnout and staffing shortages. Union president Yvette Coffey stated that while cybersecurity education is important, it must be conducted with respect and judgment, avoiding exploitation of healthcare workers' stress.NL Health Services interim CEO Ron Johnson acknowledged the exercise "missed a mark" and promised a review of future awareness exercises to ensure they align with organizational values and employee perspectives. Cybersecurity is critical in healthcare, where attacks can lead to canceled procedures and service disruptions, but the effectiveness of such "fire-drill" style phishing tests in improving security remains debated.Source: The Register
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds