NL Health Services is apologizing to staff for a recent cybersecurity awareness excercise that has drawn the ire of workers throughout the health care system.
The phishing simulation was disguised as an email of appreciation to staff for their hard work and patience during the turbulent and hectic period in which the CorCare system was being implemented.
It offered employees a paid day off for their service by clicking a link.
The health authority says it recognizes that the way in which the phishing excercise was presented was “not appropriate” and interim CEO Ron Johnson is offering his sincere apology to employees, physicians and union representatives.
Johnson says the email “really missed the mark” and that the proper checks and balances were not in place prior to it being sent out. If they had been, Johnson says it would never have gone out.
NLHS works with a third party company, Ernst and Young, on its cybersecurity campaigns, and he says an internal investigation is underway to determine how the message was crafted and sent out.
Johnson acknowledges the frustration being felt by workers who received the email.
“I understand why they’re mad, I do. I can understand why they’re frustrated…and on behalf of the organization I apologize for that. And we’ll prevent this from happening again.”
