The game Cybersecure is designed to teach people in the medical profession how to properly handle personal health information that needs to be encrypted and secure. It is a game of the multiple-choice quiz genre.

Below is a detailed analysis of this game roughly following Brian Winn's1 Design/Play/Experience framework, including:



The game takes place in a medical pratice. You play as the head of the medical practice. Your goal is to protect the PHI or protected health information for your practice. This adds some weight to the decisions that you are asked to make, but overall add very little to the gameplay. Other than that, each event places the player in a real world situation related to the practice.


The player is given 16 scenarios that they must handle correctly to earn points. The scenarios were broken up into 3 sections, with 2 sections of 5 followed by a section of 6 scenarios. Each scenario involves a cybersecurity situation and 4 possible ways to handle it. A player can use the tips to better understand the information the game is trying to teach the player. Each time a player handles a situtaion correctly, they gain 10 points. The more points the player gets, the better they did answering the multiple choice questions. As they answer these questions right, thepractice improves and expands, such as gaining new computers or adding toys to the waiting area for kids. As the gameonly takes 5 to 10 minutes to play, there is only a limited selection of interaction the player has available. In additionto the questions that the player must answer, there are other icons the player can click to see small quips realted to themedical practice. This seems to have no benefit to either gameplay or teaching the player about cybersecurity, but the player still needs to click on all of them to advance to the next set of questions. This subtracts some from the gameplay itself, but seeing as the gameplay isn't very complicated at all, it doesn't subtract too much.

User Experience

The controls are pretty simple, in that all the player can do is click on different options. The screen seems pretty cluttered, especially when a popup appears after answering a question correctly to tell you a change to the practice, blocking the next question until it fades away after a period of time. Other than that, there were no major issues with the controls or the UI and it was simple enough to understand easily. They also included a introduction to the UI as well, which helped some.


The game was made as a Flash-based browser game. This allows for a large target audience, and was more accessible to non-gamers, as some of the target audience may not be gamers. I think the choice worked well for the game and I would not have done differently.


I was unable to find any formal assessment of the game. Suggestions I would make would be to check to see what the player knew about protecting PHI before playing the game, and then checking again afterwards in the form of a pre- and post-test. This could be followed up by checking in with the practices later to see if there were an cybersecurity incidents and if so, if they were handled correctly.


This game seems to teach the subject matter is is trying to communicate very well. The only issue with it is that it seems less of a game and more of a quiz with some game-like elements. It isn't fun, but it doesn't necessarily need to in order to communicate the information about practing the health


  1. Winn, Brian. The Design, Play and Experience Framework. In R. Ferdig (Ed.), Handbook of Research on Effective Electronic Gaming in Education. Hershey, PA: IGI Global, 2009, pp. 388-401.