HIPAA Breach Simulator

×

How to Play

Welcome to the HIPAA Breach Surgery Simulator. Your goal is to manage a critical security incident while minimizing financial penalties and operational damage.

Module 1: PHI Leak Triage

Objective: Determine the scope of the data breach. Drag and drop files from the 'Compromised' bucket into either 'Contained' or 'Breached'.

• Inspect Files: Click the icon on a file to see its metadata. Unencrypted files with patient records are high-risk.
• Contained: For files you are certain have not been exfiltrated or contain no PHI (e.g., encrypted files, non-sensitive data).
• Breached: For files confirmed to contain PHI that were exfiltrated. This will increase your potential OCR penalty.

Module 2: Ransomware Negotiation

Objective: Interact with the AI threat actor. Your choices here have direct consequences.

• Chat: Use the input box to communicate. Try to verify their claims, stall for time, or negotiate.
• Action Buttons: The AI's messages may unlock new action buttons below the chat. These are your primary way to respond to demands (e.g., paying the ransom). Choose wisely.

Module 3: 72-Hour Countdown

Objective: Complete critical response tasks before the 72-hour OCR reporting deadline expires.

• The Clock is Ticking: Failure to file the OCR report in time results in a massive automatic penalty.
• Task Dependencies: You cannot file the OCR report until you have completed the Triage module to know how many patient records were affected.

×

File Analysis

×

OCR Breach Report Form

Complete this form to fulfill your reporting obligation. Accuracy is critical.

Date of Discovery

Number of Affected Individuals

Brief Description of the Breach

Steps Taken in Response

Submit to OCR

×

Simulation Debrief

The simulation has concluded. Here is a summary of your performance and the outcome.

Final Calculated OCR Penalty