The HIPAA Security Rule has a set list of requirements for covered entities to adhere to, all of which aim to ensure that organizations housing sensitive personal health information (PHI) are able to secure themselves against potential hackers. One of the conditions for being considered HIPAA compliant is to identify and protect against reasonably anticipated threats. 2017 was a year full of international cyber attacks, which heavily affected health care functions worldwide. Consequently, a new tactic that emerged and is currently being adopted by a growing number of healthcare entities is the use of military war-games to test the strength of cyber security barriers. This consists of a simulation of events that are controlled by the players in the game (in this case, hackers VS defenders).