Frequently Asked Questions

Question: What is HackableHospital?

Answer: The HackableHospital exercise is a training exercise for hospital disaster planning and cybersecurity. This platform simulates a login to a hospital web interface to control various pieces of hospital infrastructure. It is your task to try to infiltrate the system. The interface has a number of security weaknesses that you will be able to discover. Many of the security vulnerabilities are elementary to discover, while others are very difficult.

Question: How much knowledge of Cyber-security is needed to try the exercise.

Answer: You will need a very basic knowledge of cyber-security issues.  This 12-minute video explains the basic concepts of cyberterrorism and disaster mitigation strategies. Watching this video is a good preparation for the exercise.

Question: How can I get some hints?

Answer: By default the system will not display any hints. If hints are allowed during your exercise, you can turn them on. Click the settings button above the "Employee Login Screen" and enable hints. Hints will then display in the hint-bar on the login screen.

Question: How can I set up a session for a teaching exercise?

Answer: We can help you set up a new instance of HackableHospital for your training exercise. Your exercise will be given a specific URL, and only your group will be able to access the exercise. As the system is web-based your exercise participants can be located anywhere and require only a computer or tablet with internet access and a browser. Please send us an email at to set up an exercise.

Question: What types of attacks are prohibited?


The exercise is designed as an educational exercise for hospital employees. It is not designed for low level server or DNS attacks. Please do not launch attacks on the HackableHospital server.

More specifically, the following type of attacks are prohibited: