Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Next Article in Journal
Control of Robot Arm Motion Using Trapezoid Fuzzy Two-Degree-of-Freedom PID Algorithm
Next Article in Special Issue
The Linguistic Interval-Valued Intuitionistic Fuzzy Aggregation Operators Based on Extended Hamacher T-Norm and S-Norm and Their Application
Previous Article in Journal
Symmetric MHD Channel Flow of Nonlocal Fractional Model of BTF Containing Hybrid Nanoparticles
Previous Article in Special Issue
A Monte Carlo Approach to Estimate the Stability of Soil–Rock Slopes Considering the Non-Uniformity of Materials
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Fuzzy-Based Symmetrical Multi-Criteria Decision-Making Procedure for Evaluating the Impact of Harmful Factors of Healthcare Information Security

1
Department of Information Technology, Babasaheb Bhimrao Ambedkar University, Lucknow 226025, India
2
Department of Computer Engineering, College of Computer and Information Systems, Umm Al-Qura University, Makkah 21421, Saudi Arabia
3
Department of Computer Science, College of Computer and Information Systems, Umm Al-Qura University, Makkah 21421, Saudi Arabia
4
Department of Information Technology, College of Computers and Information Technology, Taif University, Taif 26571, Saudi Arabia
*
Authors to whom correspondence should be addressed.
Symmetry 2020, 12(4), 664; https://doi.org/10.3390/sym12040664
Submission received: 22 March 2020 / Revised: 10 April 2020 / Accepted: 17 April 2020 / Published: 22 April 2020

Abstract

:
Growing concern about healthcare information security in the wake of alarmingly rising cyber-attacks is being given symmetrical priority by current researchers and cyber security experts. Intruders are penetrating symmetrical mechanisms of healthcare information security continuously. In the same league, the paper presents an overview on the current situation of healthcare information and presents a layered model of healthcare information management in organizations. The paper also evaluates the various factors that have a key contribution in healthcare information security breaches through a hybrid fuzzy-based symmetrical methodology of AHP-TOPSIS. Furthermore, for assessing the effect of the calculated results, the authors have tested the results on local hospital software of Varanasi. Tested results of the factors are validated through the comparison and sensitivity analysis in this study. Tabulated results of the proposed study propose a symmetrical mechanism as the most conversant technique which can be employed by the experts and researchers for preparing security guidelines and strategies.

1. Introduction

Malware can be aptly compared to the termites preying at the healthcare data security and rendering it hollow by tampering, corrupting or pilfering the data. Attackers are targeting the largest healthcare data repositories and organizations for accessing the sensitive data and using the data for their personal profit. As per the statistics, a malware attack is exploited due to vulnerabilities in the cyber world at least once in 39 s [1]. Information security is the most compelling issue in the current era. Healthcare is another sensitive and most targeted sector for attackers due to its high information cost on dark web [1]. Any breach in healthcare information security can have detrimental effects on both the patients’ wellbeing as well as the organizations’ brand image. This scenario calls for remedial measures to effectively contain and neutralize the growing threats of malwares.
A investigation from 2010 observes that the growing adaptation of digital healthcare environment is a major concern for the security experts [2]. The study also tells that assuring data security and secure availability of data in between patient, doctor and healthcare service provider is a challenging task in electronic healthcare environment. Thus, it is evident that the issue of information security is has been a contentious issue for a long time now and many researchers are working on this from different perspectives [3,4]. But the challenges and criticalness of this issue demand a more justified solution for information security assurance in healthcare [5,6]. Buoyed by this intent, the contributors of this study have tried to provide a systematic approach for the experts to understand the types of factors that are affecting the healthcare information security and create exploitation possibilities in the healthcare sector. This type of information along with a validated scientific analysis can be very useful and significant for the research community as well as security experts [7,8,9].
Since the authors of this study found that there are a very few research articles that discuss and dissect the reasons behind the attacks on healthcare sector [10,11,12], this study has tried to highlight the possible factors that are affecting healthcare information security directly. Due to its large and complex infrastructure, the healthcare information is managed and handled at various levels in any healthcare organization. For understanding the actual implication of factors that cause malware exploitation in healthcare, it is necessary to understand the working and data production/handling in the healthcare organizations [13,14,15].
This paper covers the previous trends and attributes of malware attacks on the healthcare services and then tries to provide some significant factors with the help of experts’ opinion that are affecting the healthcare organizations rapidly [16]. The article will also provide a scientific analysis of those factors through the hybrid approach of fuzzy AHP-TOPSIS methodology [17,18]. Fuzzy AHP-TOPSIS methodology is a pre-verified and old scientific multi criteria decision making technique that gives accurate as well as effective results in multi criteria decision situation [19,20,21]. This type of scientific validation gives a clear and valid path to the security experts and researchers to prepare their security strategies on the basis of calculated results of this study. Authors have used the software of a local hospital in Varanasi, Uttar Pradesh, India, to apply the proposed result and discussed their finalized result in the paper for accuracy.
The entire research article is envisaged as follows: The first section of the paper discusses the various data breach trends and statistics of previous years for providing an overview of the topic and its criticalness. Thereafter, the second section of the paper talks about the common classical healthcare layered model that discusses the various data handling layers according to their use of healthcare data. After that, the authors have described the various factors that are affecting healthcare security and aligned them with previously discussed layered models according to their high infection possibilities and provide a hierarchy. In the ensuing section, the authors have performed the numerical analysis of the hierarchy through fuzzy AHP-TOPSIS methodology and evaluated the results on a local hospital’s software. The last section profiles the detailed discussion while also enlisting the limitations of the study before proffering the conclusion.

1.1. Past Research Initiatives

There are not many references that the authors of this study could locate in the context of various factors of information security in healthcare. Those research studies that the authors have perused in this domain are discussed below:
E. H. Park et al. provides an overview on patients’ information disclosure and discusses about the factors that are affecting the patient’s information like information security awareness, medical assessment, etc., as a factor [22]. The paper provides effective results that affect the healthcare sector through its results.
S. R. Kessler et al. provided a survey on information security climate in healthcare sector. Authors categorized the professional of healthcare into four categories and conducted a survey for assessing the information security status in healthcare organizations [23]. The paper provides a path for researchers through its validated results.
J. Alipour et al. provides an exhausted review on universal information system for acceptance in healthcare organizations. The paper discusses about the factors and performs a cross-section, descriptive analysis on it. Paper provides useful information like pointing out the weak positive correlation through the review between information security of healthcare organization and organizational factors [24]. This kind of result can provide a significant way to the future research endeavors in order to perform a review.
Md. Shirdeli et al. presents a paper discussing about the outsourcing of information security services in healthcare. The paper analyzes the healthcare information technology services through the experts’ opinion and finds the factors that motivate and affect the healthcare organization to borrow the services from outsources. The paper uses an analytical hierarchy process methodology for analyzing the various factors [25].
A. McLeod et al. presents a paper that discusses the factors affecting the data breaches and models them in a constructive manner to narrow down on some significant information from them. The paper provides a good literature on various data breaches and provides a model of factors that directly or indirectly affect data breaches [26].
Apart from the studies enumerated above, we perused the work of Ward Priestman et al. which is based on classifying different factors for healthcare sector [27]. This study, in particular, became the premise of our research investigations. Our study has attempted a unique and rarely undertaken research initiative. We intend to provide a thorough evaluation of the technical factors associated with the healthcare information security. Use of Multi Criteria Decision Making (MCDM) method is significantly less in healthcare information security scenario, but the result accuracy of MCDM approach is significantly very high. For achieving the accuracy in assessment procedure, the authors of the proposed study have used a hybrid MCDM (fuzzy AHP-TOPSIS) methodology.

1.2. Previous Attack Trends on Healthcare

Past data records and statistics are clearly showing that the healthcare industry is the most attractive and profitable sector for attackers. Worldwide trends are showing that healthcare data breach started rising from 2010 when the Internet revolution had started all over world. Figure 1 describes the previous healthcare scenario from 2009 to 2019 [28]. Figure clearly shows that 2015 was the most terrifying year for the healthcare industry with more than 140 million data breach records.
Another study shows that 51 big data breach incidents were reported in July 2019 worldwide. Trends of that report show that most of the incidents (count = 21) were targeted via emails in July 2019 [29]. The report also shows that 3 breaches are targeted via other platforms, 19 incidents are using network server for exploiting the healthcare industry.
Figure 2 clearly indicates that emails are targeted by most of the attackers in healthcare organizations. Phishing is the most common and widely used as well as easy and most effective approach for exploiting the system via emails. Hence, the authors assert that phishing is the new attack trend along with malware. Secondly, the network server exploitation incidents indicate that many organizations are not aware of weak and outdated security infrastructure and are currently using this kind of system and machine. The above-discussed trends of attacks and breaches in previous years are showing the criticalness and sensitivity of healthcare data security and provide a current view of the scenario.
The discussed findings and trends provide highly useful information like phishing being the most common approach that is used along with malware for exploiting the healthcare systems. Figure 2 describes that 84% attacks on healthcare in July month of 2019 are targeting IT infrastructure rapidly [24]. This information creates immense curiosity about finding the factors and different reasons that are creating or opening a path for attackers in healthcare services for exploitation. This situation has also motivated the contributors to evaluate the rank of the factors for providing a systematic path in order to remediate the issue or factor that is affecting the healthcare information security.

2. Materials and Methods

2.1. Classical Layered Healthcare Model: Information Perspective

The basic and most significant objective of this paper is to provide knowledge of the factors that are affecting healthcare information security. For achieving that goal, it is important to understand the different attributes of healthcare organizations [25]. The main reason behind this is to garner a better understanding of the scenario and provide authenticated factors that are affecting different attributes in a healthcare organization [26]. Authors have categorized the healthcare organization into different layers for simple and easy understanding. Figure 3 illustrates the layered categorization of a healthcare organization in respect of information/data.
In the above figure, clearly describes the categorization of the healthcare organization into four different layers according to their data handling process. The first layer shows the data production layer. The second describes the data storage layer; the third layer discusses about the data Application layer; and the fourth layer illustrates the data transfer layer. The description of these different layers was elucidated in the following headings.
Data Production Layer: According to the authors, this is a layer where every type of medical or health-related information is produced in a healthcare organization or service provider. This layer includes various data or information production methods and approaches that are used in different healthcare services like IoMT devices, personal relation desk information, lab report information, etc. [30]. This layer has its own various threats and factors that cause exploitation. These factors and threats are discussed in the next section of the paper. The data production layer is the first and primary entry level of any healthcare organization. Security in this layer is highly recommended and necessary for any healthcare organization.
Data Storage Layer: This is a layer where all the information and data are stored by healthcare organizations according to their use in third layer. It includes various data repositories and cloud storage that are used inside the healthcare organization or outside the healthcare organization. Securing this layer needs extra efforts and sensitivity because storage and transfer layer has direct data access, i.e., if an attacker gets access to the database 1, then the possibilities are very high that he can breach the security of other databases of the organization [31]. That is the main reason why authors recommend extra security and authentication approaches in this layer.
Data Application Layer: Layer three is a data application layer with various attributes like doctors, employees, patient relatives, mobile healthcare devices, etc. All these have some pieces of information related to health of a patient or whole healthcare organization [32]. Securing this layer is as much important as the above two layers. Data application layer is also a most easily exploitable layer for attackers. The use of social engineering is effectively useful on this type of layer. Previous data breach statistics clearly shows that data application layer is the most favorite layer for attackers to exploit. This type of scenario creates an immense need for security on information application in healthcare sector.
Data Transfer Layer: It is the main and significant layer in the whole healthcare structure. Many researchers and experts strongly believed that data security is hijacked or tempered mostly during data travel or data transfer. Data transfer layer holds the data during the travel period from one node to another [31,32]. It is significant and challenging to protect the information on this layer. Various types of data protection mechanisms are used for securing this layer, but previous breach ratio and explanation clearly describes that attackers are continuously exploiting the security vulnerabilities of data transfer layer.
The authors have discussed the different three layers of healthcare services from data perspective. They categorized the different attributes for analyzing the different factors that are affecting healthcare security. In the next section, the authors have discussed the various factors that are affecting the healthcare security.

2.2. Various Factors: Affecting Healthcare Data Security

Identification and categorization of the different factors that affect the healthcare data security in different ways were enumerated in this section. This was done by garnering the opinions of the experts through questionnaire generated by the research team of this study. The questionnaire was based on queries related to the healthcare information security exploitation issue. On the basis of the experts’ opinion, the authors aligned every factor that is affecting a particular layer with the classical healthcare data handling model [24,25,26,27]. Figure 4 describes the different factors and their related layers.
As we see in the above Figure 4, various factors are aligned to their relatable layers for easy and simple understanding. Figure 4 illustrates that the authors selected 10 projects of local hospital software of Varanasi as an alternative in the assessment process of the hierarchy. Varanasi is one of the oldest cities in India and revered the world over as the city of piety. The city is a hub of tourism that attracts both international and domestic sightseers throughout the year. Hence, facilitating efficient, affordable and breach-free e-health services in such a city poses a huge challenge. This is the reason why the authors chose the local software of Varanasi hospitals as an alternative for the present study [33]. For this research, we selected 10 different projects based on the significance of the information from the various departments of the hospital. Authors choose various 10 projects of different departments of hospital. These selected 10 projects are significant and sensitive for hospital in the security perspective. Various factors that affect the healthcare information security are described below:
Social Engineering: According to the classical definition of social engineering, it is a psychological or intelligence-based technique that is used to trick victims into mistakenly making security holes or extracting sensitive information from victims [27]. In the healthcare perspective social engineering is the strongest weapon against target. For example, assume that a healthcare organization employee has a habit of online betting. The attacker gets that information about employee from his behavior, environment and social media portals and in the end from a casual conversation with employee. An attacker can use this information against that particular user. An attacker can trick the employee in a phishing betting website and spot a malicious file into his computer. If the employee is using organizational system at that time, then this type of mistake can lead the whole organization into big trouble. Social engineering is the biggest threat and a grave factor that is affecting the healthcare sector through various types and ways. Authors strongly recommend a novel and strong prevention model for social engineering attacks the healthcare sector.
Malware/Ransomware: In the current decade, the healthcare sector has been upgraded to smart healthcare services. All the medical procedures, as well as administrational processes are dependent on the computers and IT infrastructures [34]. As we all know, malware is the biggest enemy and threat to any IT setup. Section 2 of this paper clearly described the involvement and the harmful impact of malware in healthcare sector. Malware is the strongest weapon of intruders against healthcare system. As shown in Figure 4, malware is a threat or factor that is affecting all the layers of healthcare model in the same way. Every entity can be exploited through malware or ransomware just by one single mistake. It is important to protect the health services from malware attacks and provide a strong prevention and protection model, specifically for healthcare.
Human Error: A researcher, P. Vimalachandran, shows the importance and impact of human error in the healthcare sector. The researcher provides a novel model for maintaining data integrity in healthcare services and considers human error as a serious issue in healthcare organizations [35]. A small human error or employee error can lead the patient into a life-threatening situation. For example, if a lab technician registers a wrong diabetics value like the test result is 20.33 and instead of this value he enters the value 203.3, this type of error can be fatal for the patient and lead the organization into serious trouble [34,35]. Hence, the authors of this study iterate on creating a human error-free environment in the healthcare organizations.
Outdated IT Infrastructure: Technology is a process of continuous advancement and every technocrat must work towards it. In the matter of the healthcare industry, technical IT equipment is lagging behind with outdated infrastructure of IT. Every system and equipment needs upgradation for working properly and securely. But it is often seen in the context of healthcare sector that the technical infrastructure is burdened with old IT scenario [36]. This kind of gap creates a toll-free gateway for attackers to exploit the healthcare smart services. According to the authors, this issue has become even more dangerous after the introduction of the IoMT devices in the healthcare sector. If an attacker gets to succeed in breaking the IT network of any organization, then the possibility of IoT and IoMT devices getting hacked is as high as at 80%.
Low access control management: The most crucial job for any healthcare organization is to restrict information access. The U.S. Department of Health and Human Services has published a report that observes that the access to personal health records should be limited and restricted at various stages in healthcare organizations [36]. It is often seen in many healthcare organizations that they usually share their centralized database with other organizations and associates instead of a small specific one. The main reason behind this type of situation is lack of resources and time [37]. The data breach trends, and reports of the investigations cite that usually the internal staff is involved in the breach incident. Therefore, it is necessary to restrict and reconstruct access control in the healthcare organization for low rate of data breach risk and high-security percentage.
Medjacking: Exploiting medical equipment and devices via backdoors and vulnerability exploit is covered under the Medjacking. Medjacking is referred for hijacking the medical devices. A report by TrapX portrays the current criticalness of medical devices and possibilities of hijacking medical accessories in the organizations. The report disclosed that the main purpose of hijacking medical devices is stealing and tampering with the confidential medical data. There is a very vast and thriving market for medical information on the dark net. Medjacking is affecting the security of medical information. Previous trends and patterns of attacks discussed in TrapX report illustrates that medjacking attacks are associated with social engineering as well as malware attacks [38]. Thus, understanding the potential cyber threat on medical devices is not only a crucial and challenging task for medical IT staff and security experts, but it also calls forth for working on preemptive mechanisms.

2.3. Methodology

Evaluating the most prioritized factor that affect the healthcare information security can provide a systematic path for the security practitioners to construct a secure and systematic healthcare information security procedure [36,37]. Contributors of this study provide a numerical evaluation of factors (described in hierarchy) through the multi criteria decision making (MCDM) method. MCDM methodology has the potential and ability to give some fresh and accurate results with validation. In order to evaluate the factors, the authors of the proposed study use Analytical Hierarchy Process (AHP) for assessing the particular weights of each factor.
Fuzzy Analytical Hierarchy Process (AHP): AHP is a useful and effective methodology that is used in multi criteria decision situation. AHP uses triangular fuzzy number for evaluating the weights of factors. The result that is evaluated through AHP methodology is crisp and effective in real time situations. Saaty proposed the AHP methodology for the first time in multi criteria decision situation [39].
For this research article, the authors have used the fuzzy AHP-TOPSIS method for assessing the weights of the elements described in Figure 4. Hierarchy described in Figure 4 shows the factors that affect the healthcare information security directly. Authors have used a tree hierarchy shown in Figure 4 for applying the fuzzy AHP-TOPSIS method. This hierarchy was prepared by experts’ suggestions taken through questionnaire, research study and brainstorming. After the suggestions from experts, the authors have prepared a hierarchy of elements based on the suggestions. Furthermore, for evaluating the weights, the authors convert the linguistic values of every element into a triangular fuzzy number (TFN). For making the analysis part easy, authors use the values that stand between 0 and 1 for the TFN number [40]. Furthermore, the crisp calculated values are described as 1, 2, 3…9. Additionally, the membership function of triangular fuzzy number M on F is known in Equations (1) and (2):
μa (x)= F → [0,1]
µ a ( x ) = { x mi lo b mi lo x [ lo ,   mi ] x mi up u mi up x [ mi , up ]   0   Otherwise
Here, l, mi and u are showing the lower, middle and upper limit of TFN.
TFN’s are represented in Figure 5 above. Further, the authors have described the scale table for ranking the factors’ score for evaluating the factors that affect in a quantitative way in Table 1 [41].
Following Equations (3)–(6) is used for converting numeric values into triangular fuzzy numbers.
ɳij = (lij,miij,uij)
where   l ij m iij u ij
lij = (Jijd)
miij = (Jij1, Jij2, Jij3)1 /
and uij = (Jijd)
In the above conditions, lij is the lower worth; mij is the center and uij is the upper worth. Condition (3) shows the TFN. Conditions (7)–(9) are utilized for coordinating the diverse TFN values in the assessment procedure.
(l1, mi1, u1) + (l2, mi2, u2) = (l1 + l2, mi1 +mi2, u2 + u2)
(l1, mi1, u1) × (l2, mi2, u2) = (l1 × l2, mi1 ×mi2, u1 × u2)
( l 1 , m i 1 , u 1 ) 1 = ( 1 / u 1 ,   1 / mi 1 ,   1 / l 1 )
Analyst now creates an nxn comparison matrix through Equation (10).
A d ˜ = [ k ˜ 11 d k ˜ 12 d k ˜ 1 n d k ˜ n 1 d k ˜ n 2 d k ˜ n n d ]
If more than one preference is present in the evaluation process, then the experts use Equation (11) for calculating the average.
k ˜ ij = d = 1 d k ˜ ij d
In the wake of ascertaining the normal inclination in the subsequent stage of the count, the specialists update the fuzzy comparison matrix for a progressive system arranged through the experts’ perspectives. For computing this progression, the specialists utilize following condition (12):
A ˜ = [ k 11 ˜ k 1 n ˜ k n 1 ˜ k ˜ nn ]
In the next step, the experts calculate the geometric mean and fuzzy weight of the factor through Equation (13).
P ˜ i = ( j = 1 n k ˜ ij ) 1 / n ,   i = 1 , 2 , 3 , 4 ,   . n
Thereafter, Equations (14)–(16) were used for concluding as well as normalizing and finding the average of the calculated fuzzy weights.
w ˜ i = p ˜ i ( p ˜ 1 p ˜ 2 p ˜ 3 p ˜ n ) 1
M i = w ˜ 1 w ˜ 2 . w ˜ n n
Nr i = M i M 1 M 2 M n
After all these calculations, the BNP value was evaluated through Equation (17) of COE (Center of Area method).
B N P w D 1 = [ ( u w 1 l w 1 ) + ( m i w 1 l w 1 ) ] 3 + l w 1
Fuzzy TOPSIS: It calculates the factors for multi-criteria decision making in geometric arrangement of alternatives in n-dimensional space. For providing accuracy in results this TOPSIS method uses the fuzzy numbers instead of précised numbers for showing the importance of factors [42,43]. Step-by-step description of the methodology is written as follows:
In the first step of calculation, this paper used fuzzy AHP for evaluating the relevant weights through Equations (1)–(16). After that in next step, the experts prepared a comparison matrix and selected a variable with the help of Table 2 and Equation (18).
K ˜ = [ x ˜ 11 x ˜ 1 n x ˜ m 1 x ˜ mn ]
In the following steps, the fuzzy matrix is normalized through Equation (19).
P ˜ = [ P ˜ ij ] m × n
After a successful normalization process, a normalized fuzzy matrix is prepared through Equation (20).
Q ˜ = [ q ˜ ij ] m × n i = 1 , 2 , 3 ,   . m ; j = 1 , 2 , 3 , 4 ,   n
Furthermore, in the last step the closeness gap of factors is analyzed and the alternatives for factors are evaluated. After the evaluation, the experts use Equation (21) to determine the evaluated alternatives gap of factors.
C   C ˜ = k ˜ i k ˜ i + + k ˜ i = 1 k ˜ i + k ˜ i + + k ˜ i   ,   i = 1 , 2 ,   . ,   m
At the end of the evaluation process through the Equation (21), experts find the ranks of the factors described in hierarchy.

3. Data Analysis and Results

Numerically analyzing risk factors for healthcare organizations is a challenging task for experts. Identification of risk factors is the most important step in order to maintain information security in any organization [44,45]. A successful identification of risk factors can provide an accurate and effective solution of problem in any organization. To achieve this goal in the proposed paper, the authors have used a well-established and verified decision making technique, the fuzzy AHP-TOPSIS for prioritizing the identified risk factors and evaluating the impact of healthcare data security. For selecting and gathering the facts and factors, the authors of this study have taken suggestion from 70 experts who are from different industries and academic background. Equations (1)–(21) are used to assess the impact of described harmful factors in Figure 4 as follows.
For assessing the factors and finding the results, the authors have used Table 1 and Equations (1)–(9) for converting linguistic values into numeric values and TFN numbers. For constructing pair-wise comparison matrix, TFNs values are computed as:
k ˜ 12 70 = ( 1 ,   1 ,   1 ) 1 / 70   ( 1 / 4 ,   1 / 3 ,   1 / 2 ) 1 / 70   . .     ( 1 / 6 ,   1 / 5 ,   1 / 4 ) 1 / 70 = ( ( 1   ×   1 / 4   ×   . .   ×   1 / 6 ) 1 / 70 ,   ( 1   ×   1 / 3   ×   . .   ×   1 / 5 ) 1 / 70 ,   ( 1   ×   1 / 2   . .   ×   1 / 4 ) 1 / 70 ) = ( 0.34000 ,   0.40000 ,   0.48000 )
In the same manner, the pair-wise comparison matrixes of the level 1 attributes is constructed with the help of Equation (10) and shown in Table 3. Similarly, Table 4, Table 5, Table 6, Table 7, Table 8, Table 9, Table 10, Table 11, Table 12 and Table 13 present the combined pair-wise comparison matrixes for hierarchies of level 2 and level 3.
Through the Equations (11)–(13), authors calculate the computation of the weights as following:
p ˜ 1 = [ ( 1.00000 ,   1.00000 ,   1.00000 )     ( 0.34000 ,   0.40000 ,   0.48000 )     ( 0.56000 ,   0.90000 ,   1.37000 )     ( 0.39000 ,   0.43000 ,   0.47000 ) ]   1 / 4
= [(1.00000 × 0.34000 × 0.56000 × 0.39000)1/4, (1.00000 × 0.40000 × 0.90000 × 0.43000)1/4,(1.00000 × 0.48000 × 1.37000 × 0.47000)1/4]
= (0.07430)1/4, (0.15480)1/4, (0.30910)1/4 = (0.52200, 0.62700, 0.74560)
.
Similarly, we can obtain the remaining p ˜ i as: p ˜ 2 = (1.07700, 1.20860, 1.37730); p ˜ 3 = (0.74180, 0.94580, 1.20100); p ˜ 4 = (1.22530, 1.39600, 1.59840)
Equations (14)–(16) is used for the calculation of weights for each factor is written as follows:
w ˜ 1 = ( 0.52200 ,   0.62700 ,   0.74560 ) ( ( 0.52200 ,   0.62700 ,   0.74560 ) ( 1.0770 ,   1.20860 ,   1.37730 ) ( 0.74180 ,   0.94580 ,   1.20100 ) ( 1.22530 ,   1.39600 ,   1.59840 ) ) 1 = ( 0.14640 ,   0.15000 ,   0.19000 )
We can also calculate the remaining w ˜ i as follows: w ˜ 2 = (0.30030, 0.28920, 0.35100); w ˜ 3 = (0.20800, 0.22630, 0.30610); w ˜ 4 = (0.34360, 0.33400, 0.40740). Further, through the Equation (17) authors evaluate the BNP value of factors as follows:
BNPw 1 = [ ( 0.19000 0.14600 ) + ( 0.15000 0.14600 ) ] 3 + 0.14600 = 0.16200
Global weights for each second-layer factor are calculated and represented in Table 8.
Many factors are repeated in Table 8 but the influence that they give to their higher layer factor is diverse. For better sympathetic, combination is completed to assess the weights of every level’s factor. Weights of alter factors at a different level are presented in Table 6, Table 7 and Table 8 with their contribution towards healthcare information security weights. Further, Table 9 shows the final dependent weights of healthcare information security through the hierarchy.
Now, we have to determine the influence of healthcare information security in alternative choices with respect to criteria. Ten successive projects of the software of a local hospital in Varanasi were taken to estimate the healthcare information security. The alternatives 1, 2, 3…10, represent the project of hospital services, all projects are very sensitive. With the help of Table 2 and Equations (4)–(9), we took the inputs on the technological data of the six projects as shown in Table 11. With the help of Equations (18)–(20), we evaluated the regularized fuzzy decision matrix as presented in Table 12 and with the help of Equation (21), we evaluated weighted normalized fuzzy decision matrix as shown in Table 13. With the help of Equations (22)–(26), we assessed the fuzzy satisfaction degree and fuzzy gap degree as shown in Table 14.
Table 14 and Figure 6 represents that the closeness coefficients difference of all the alternatives are acceptable. Table 14 also illustrates that the sensitivity analysis of results is already achieved through the results. Figure 5 shows the graphical representation of satisfaction degrees of alternatives.

3.1. Sensitivity Analysis

In any scientific paper, it is imperative to analyze the results from various perspectives. Sensitivity analysis is one of the most important and effective processes in order to motivate the accuracy and validity of results [46,47]. Sensitivity analysis provides a process for researchers to analyze their obtained results when variables are changed. The proposed study has used six experiments for sensitivity analysis because the last level of hierarchy has six factors. In order to analyze, the sensitivity weights of each factor is different at a time and the other factors weights and satisfaction degree are constant at the same time. Table 15 and Figure 7 shows the calculated results of sensitivity analysis.
From the above Table 15 and Figure 7, it is clear that alternative-9 (A9) has the highest satisfaction degree in original result. Results of sensitivity analysis also represents that A9 still has the same highest satisfaction degree in 6 experiments. The results show that alternatives are sensitive to the weights.

3.2. Comparison with the Classical AHP-TOPSIS Method

Validating the evaluated results is the most significant job for any researcher [48]. In order to achieve validation and provide a clear view on obtained results, the contributors of this study conducted a comparison of the results with another similar technique called the classical AHP-TOPSIS. Authors used the same data for calculation through classical AHP-TOPSIS methodology. Obtained results from both the techniques are illustrated in Table 16 and Figure 8. The results described in Table 16 show that the results calculated from both techniques are highly correlated (person correlation coefficient is) [49,50,51]. It is clearly portrayed in Table 16 that the fuzzy-based methodology provides improved results over the classical methodology.

4. Discussion

Understanding the factors and reasons for the security backdrops and continuous data breaches are most important for better and secure environment in healthcare sector [35,36]. This paper details the various factors that are affecting the healthcare sector on different layers. Authors identified six complex and most significant factors that need to be considered in research field as well as need attention from the organizations to provide and establish better security environment. Findings are showing that every attribute of healthcare organization is under risk of exploitation and data breach.
The hierarchal structure of various layers and factors in Figure 4 describe the risk factors of healthcare organization at different layers. Factors that are discussed in this paper are internally related and depend on each other according to the results. For example, if an attacker needs to target and track an employee of healthcare organization, the attacker can employ social engineering to find sensitive information related to the employee. After this step, the attacker knows about employee’s personal interests, now he creates a phishing mail containing malicious malware file for exploitation and sends to him. This type of attack contains three factors in itself. If the employee is aware of social engineering tricks, it would not be easy for the attacker to infringe upon the employer and outsource any classified information. Therefore, it is clear from the stated example that a solution of one factor can reduce the strength and risk ratio of other factors automatically.
In order to achieve this goal, the authors systematically extract and understand various data layers according to information use in healthcare organization and then analyze and classify their relevant risk factors that create the worm holes for exploitation in healthcare organizations. After identifying all these significant findings, the authors employ the universally accurate and validated fuzzy AHP-TOPSIS methodology for providing a ranking result to the constructed hierarchy in Figure 4. The analyzed result from fuzzy AHP-TOPSIS approach will help the experts to understand the process of remedying the data breach issue in healthcare by providing them a priority based systematic path. Some key findings of the proposed study are described as:
  • Results of the proposed study will provide a constructive and a secure path for the experts and researchers to prepare their prevention strategies according to the evaluated result.
  • Results of the proposed paper will help the experts in enhancing the current security scenario of healthcare information security by providing a scientifically evaluated priority list of affecting factors. An expert can use that result and enhance the security by preventing the factors one by one according to the results.
  • The most prioritized factor is the Human Error in evaluated results, this type of evaluation attempts to draw the attention of experts and researchers on the factor and thus create future research possibilities for them.
  • Contributors of this study have found six factors that affect the healthcare information security on various layers. By adopting this assessment, the future researchers can assess the web application security affecting factors and evaluate their respective weights.
However, since healthcare is a very large and complex industry in the comparison of another sector this research also has its limitations in terms of its ambit. Though a comprehensive research must cover all the technical, legal as well as administrative implications in a single manuscript, this study’s focus is only on the information security scenario and its implications.

5. Conclusions

Data breaches and malware attacks are penetrating the healthcare industry on a large scale. Different attacking strategies pose enormous challenges for experts who are constantly working on techniques to mitigate security drawbacks. In this type of situation, healthcare sector needs a common-sense technique to tackle attack implications. The phrase “cut the problem from the root” works perfectly here, implying that if the mitigating attacks and blocking their paths are challenging and complex for experts, then instead of this, it is important to weed out the very source of the problem. In the context of healthcare, authors have discussed the factors that are playing a crucial role in exploitation and data breaches while associating them with the layers that they affect in healthcare. Thereafter, the study evaluates the ranking of factors according to their weights by hybrid MCDM approach and enlists ten projects of hospital software to assess them. Results of the proposed study will ensure that the techniques propositioned in this study would be an efficacious mechanism for the cyber security practitioners seeking solutions to make e-health data breach-proof. The analysis provides a systematic priority-based ranking result to identify which types of risk are of greater importance and first priority in terms of solutions in a healthcare organization.

Author Contributions

All authors contribute equally to the manuscript. All authors have read and agreed to the published version of the manuscript.

Funding

Deanship of Scientific Research at Umm Al-Qura University, Kingdom of Saudi Arabia.

Acknowledgments

The authors would like to thank the Deanship of Scientific Research at Umm Al-Qura University for supporting this work by Grant Code: 18-COM-1-01-0001.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Pandey, A.K.; Tripathi, A.K.; Kapil, G.; Singh, V.; Khan, M.W.; Agrawal, A.; Kumar, R.; Khan, R.A. Trends in Malware Attacks. In Critical Concepts, Standards, and Techniques in Cyber Forensics; IGI Global: Hershey, PA, USA, 2020; pp. 47–60. [Google Scholar] [CrossRef]
  2. Appari, A.; Johnson, M.E. Information security and privacy in healthcare: Current state of research. Int. J. Internet Enterp. Manag. 2010, 6, 279. [Google Scholar] [CrossRef]
  3. Kruse, C.; Smith, B.; Vanderlinden, H.; Nealand, A. Security Techniques for the Electronic Health Records. J. Med. Syst. 2017, 41, 127. [Google Scholar] [CrossRef] [Green Version]
  4. Slamanig, D.; Stingl, C. The Degree of Privacy in Web-based Electronic Health Records. In Proceedings of the World Congress on Medical Physics and Biomedical Engineering, Seoul, Korea, 27 August–1 Septmber 2006; Springer: Berlin/Heidelberg, Germany, 2009; Volume 22, pp. 974–977. [Google Scholar]
  5. Toll, E.T.; A Alkureishi, M.; Lee, W.W.; Babbott, S.F.; A Bain, P.; Beasley, J.W.; Frankel, R.M.; A Loveys, A.; Wald, H.S.; Woods, S.S.; et al. Protecting healing relationships in the age of electronic health records: Report from an international conference. JAMIA Open 2019, 2, 282–290. [Google Scholar] [CrossRef]
  6. Al-Zubaidie, M.; Zhang, Z.; Zhang, J. PAX: Using Pseudonymization and Anonymization to Protect Patients’ Identities and Data in the Healthcare System. Int. J. Environ. Res. Public Health 2019, 16, 1490. [Google Scholar] [CrossRef] [Green Version]
  7. Señor, I.C.; Fernández-Alemán, J.L.; Toval, A. Usable Privacy and Security in Personal Health Records. In Computer Vision; Springer: Berlin/Heidelberg, Germany, 2011; Volume 6949, pp. 36–43. [Google Scholar] [CrossRef]
  8. Thigpen, B.L. Strategies to Lower Security Risks Involving Medical Devices in Patient Care. 2020. Available online: https://scholarworks.waldenu.edu/cgi/viewcontent.cgi?article=9698&context=dissertations (accessed on 15 February 2020).
  9. Ronquillo, J.G.; Winterholler, J.E.; Cwikla, K.; Szymanski, R.; Levy, C. Health IT, hacking, and cybersecurity: National trends in data breaches of protected health information. JAMIA Open 2018, 1, 15–19. [Google Scholar] [CrossRef]
  10. Hai, N.K.; Lawpoolsri, S.; Jittamala, P.; Huong, P.T.T.; Kaewkungwal, J. Practices in security and confidentiality of HIV/AIDS patients’ information: A national survey among staff at HIV outpatient clinics in Vietnam. PLoS ONE 2017, 12, e0188160. [Google Scholar] [CrossRef]
  11. Sahu, K.; Srivastava, R.K. Needs and Importance of Reliability Prediction: An Industrial Perspective. Inf. Sci. Lett. Natural Sci. Publ. 2020, 9, 33–37. [Google Scholar]
  12. Peikari, H.R.; Ramayah, T.; Shah, M.H.; Lo, M.C. Patients’ perception of the information security management in health centers: The role of organizational and human factors. BMC Med. Inform. Decis. Mak. 2018, 18, 102. [Google Scholar] [CrossRef]
  13. Lyon, A.R.; Lewis, C.C.; Melvin, A.; Boyd, M.; Nicodimos, S.; Liu, F.F.; Jungbluth, N. Health Information Technologies—Academic and Commercial Evaluation (HIT-ACE) methodology: Description and application to clinical feedback systems. Implement Sci. 2015, 11, 128. [Google Scholar] [CrossRef] [Green Version]
  14. Sahu, K.; Srivastava, R.K. Revisiting Software Reliability. In Advances in Intelligent Systems and Computing; Springer: Berlin/Heidelberg, Germany, 2018; pp. 221–235. [Google Scholar] [CrossRef]
  15. Yeratziotis, A.; Pottas, D.; Van Greunen, D. A Usable Security Heuristic Evaluation for the Online Health Social Networking Paradigm. Int. J. Hum.-Comput. Interact. 2012, 28, 678–694. [Google Scholar] [CrossRef]
  16. Sahu, K.; Rajshree, P.; Kumar, R. Risk management perspective in SDLC. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 2014, 4, 1247–1251. [Google Scholar]
  17. Kumar, R.; Khan, A.I.; Abushark, Y.B.; Alam, M.; Agrawal, A.; Khan, R.A. A Knowledge-Based Integrated System of Hesitant Fuzzy Set, AHP and TOPSIS for Evaluating Security-Durability of Web Applications. IEEE Access 2020, 8, 48870–48885. [Google Scholar] [CrossRef]
  18. Kumar, R.; Khan, A.I.; Abushark, Y.B.; Alam, M.; Agrawal, A.; Khan, R.A. An Integrated Approach of Fuzzy Logic, AHP and TOPSIS for Estimating Usable-Security of Web Applications. IEEE Access 2020, 8, 50944–50957. [Google Scholar] [CrossRef]
  19. Teles, S.; Napolskij, M.S.; Paúl, C.; Ferreira, A.; Seeher, K. Training and support for caregivers of people with dementia: The process of culturally adapting the World Health Organization iSupportprogramme to Portugal. Dementia. Dementia 2020. [Google Scholar] [CrossRef]
  20. Kumar, R.; Zarour, M.; Alenezi, M.; Agrawal, A.; Khan, R.A. Measuring Security Durability of Software through Fuzzy-Based Decision-Making Process. Int. J. Comput. Intell. Syst. 2019, 12, 627–642. [Google Scholar] [CrossRef] [Green Version]
  21. Peng, P. A Measurement Approach to Understanding the Data Flow of Phishing from Attacker and Defender Perspectives (Doctoral Dissertation, Virginia Tech). 2019. Available online: https://vtechworks.lib.vt.edu/bitstream/handle/10919/96401/Peng_P_T_2020.pdf?sequence=1&isAllowed=y (accessed on 22 March 2020).
  22. Park, E.H.; Kim, J.; Wiles, L.L.; Park, Y.S.; Wile, L.L. Factors affecting intention to disclose patients’ health information. Comput. Secur. 2019, 87, 101340. [Google Scholar] [CrossRef]
  23. Kessler, S.R.; Pindek, S.; Kleinman, G.; A Andel, S.; Spector, P.E. Information security climate and the assessment of information security risk among healthcare employees. Heal. Inform. J. 2019. [Google Scholar] [CrossRef]
  24. Alipour, J.; Mehdipour, Y.; Karimi, A. Factors Affecting Acceptance of Hospital Information Systems in Public Hospitals of Zahedan University of Medical Sciences: A Cross-Sectional Study. J. Med. Life 2020, 12, 403–410. [Google Scholar]
  25. Shirdeli, M.; Zare, S.; Kharazmi, E.; Rezaee, R.; Maher, M.H. Presenting a Model to Evaluate Factors Affecting Outsourcing of Health Information Technology Services. Acta Inform. Medica 2018, 26, 190–194. [Google Scholar] [CrossRef]
  26. McLeod, A.; Dolezel, D. Cyber-analytics: Modeling factors associated with healthcare data breaches. Decis. Support Syst. 2018, 108, 57–68. [Google Scholar] [CrossRef]
  27. Priestman, W.; Anstis, T.; Sebire, I.G.; Sridharan, S.; Sebire, N.J. Phishing in healthcare organisations: Threats, mitigation and approaches. BMJ Health Care Inform. 2019, 26. [Google Scholar] [CrossRef] [PubMed] [Green Version]
  28. Healthcare Data Breach Statistics. Available online: https://www.hipaajournal.com/healthcare-data-breach-statistics/ (accessed on 11 January 2020).
  29. Healthcare Data Breach Report. 2019. Available online: https://www.hipaajournal.com/july-2019-healthcare-data-breach-report/ (accessed on 11 January 2020).
  30. Palanisamy, V.; Thirunavukarasu, R. Implications of big data analytics in developing healthcare frameworks–A review. J. King Saud Univ.-Comput. Inf. Sci. 2017, 31, 415–425. [Google Scholar] [CrossRef]
  31. El Aboudi, N.; Benhlima, L. Big Data Management for Healthcare Systems: Architecture, Requirements, and Implementation. Adv. Bioinform. 2018, 2018, 1–10. [Google Scholar] [CrossRef] [PubMed]
  32. Clarke, J.; Bourn, S.; Skoufalos, A.; Beck, E.H.; Castillo, D.J. An Innovative Approach to Health Care Delivery for Patients with Chronic Conditions. Popul. Health Manag. 2016, 20, 23–30. [Google Scholar] [CrossRef] [Green Version]
  33. University Repositorty. 2019. Available online: http://www.bbau.ac.in/new/index.aspx (accessed on 1 March 2020).
  34. Dang, L.M.; Piran, J.; Han, D.; Min, K.; Moon, H. A Survey on Internet of Things and Cloud Computing for Healthcare. Electronics 2019, 8, 768. [Google Scholar] [CrossRef] [Green Version]
  35. Vimalachandran, P.; Wang, H.; Zhang, Y.; Heyward, B.; Zhao, Y. Preserving patient-centered controls in electronic health record systems: A reliance-based model implication. In Proceedings of the 2017 International Conference on Orange Technologies (ICOT), Singapore, 8–10 December 2017; Available online: https://arxiv.org/ftp/arxiv/papers/1802/1802.00575.pdf (accessed on 11 January 2020).
  36. Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients; Department of Health and Human Services: USA. 2018. Available online: https://www.phe.gov/Preparedness/planning/405d/Pages/hic-practices.aspx (accessed on 1 March 2020).
  37. Pandey, A.K.; Khan, A.I.; Abushark, Y.B.; Alam, M.; Agrawal, A.; Kumar, R.; Khan, R.A. Key Issues in Healthcare Data Integrity: Analysis and Recommendations. IEEE Access 2020, 8, 40612–40628. [Google Scholar] [CrossRef]
  38. MEDJACK. Medical Device Hijacking; TrapX Research Lab. 2018. Available online: https://www.trustdimension.com/wp-content/uploads/2015/02/MedJack.4-ilovepdf-compressed.pdf (accessed on 1 March 2020).
  39. Saaty, T.L. How to make a decision: The analytic hierarchy process. Eur. J. Oper. Res. 1990, 48, 9–26. [Google Scholar] [CrossRef]
  40. Saaty, T.L. Transport planning with multiple criteria: The analytic hierarchy process applications and progress review. J. Adv. Transp. 1995, 29, 81–126. [Google Scholar] [CrossRef]
  41. Hahn, W.J.; Seaman, S.L.; Bikel, R. Making decisions with multiple attributes: A case in sustainability planning. Graziadio Bus. Rev. 2012, 15, 365–381. [Google Scholar]
  42. Zavadskas, E.K.; Govindan, K.; Antuchevičienė, J.; Turskis, Z. Hybrid multiple criteria decision-making methods: A review of applications for sustainability issues. Econ. Res.-Ekon. Istraživanja 2016, 29, 857–887. [Google Scholar] [CrossRef] [Green Version]
  43. Syamsuddin, I. Multicriteria Evaluation and Sensitivity Analysis on Information Security. Int. J. Comput. Appl. 2013, 69, 22–25. [Google Scholar] [CrossRef] [Green Version]
  44. Mi, X.; Wu, X.; Tang, M.; Liao, H.; Al-Barakati, A.; Altalhi, A.H.; Herrera, F. Hesitant Fuzzy Linguistic Analytic Hierarchical Process with Prioritization, Consistency Checking, and Inconsistency Repairing. IEEE Access 2019, 7, 44135–44149. [Google Scholar] [CrossRef]
  45. Srivastava, P.R.; Singh, A.P.; Vageesh, V.K. Assessment of Software Quality: A Fuzzy Multi-Criteria Approach. In Evolutionary Computation and Optimization Algorithms in Software Engineering; IGI Global: Hershey, PA, USA, 2010; pp. 200–219. [Google Scholar] [CrossRef]
  46. How to Build a Sustainable Cyber Security Plan. 2019. Available online: https://www.cigniti.com/blog/sustainable-cybersecurity-strategy-plan/ (accessed on 7 February 2020).
  47. Mikhailov, L. Deriving priorities from fuzzy pairwise comparison judgements. Fuzzy Sets Syst. 2003, 134, 365–385. [Google Scholar] [CrossRef]
  48. Dymova, L.; Sevastjanov, P.; Tikhonenko, A. An interval type-2 fuzzy extension of the TOPSIS method using alpha cuts. Knowl.-Based Syst. 2015, 83, 116–127. [Google Scholar] [CrossRef]
  49. Pearson Product-Moment Correlation. 2017. Available online: https://statistics.laerd.com/statistical-guides/pearson-correlation-coefficient-statistical-guide.php (accessed on 1 March 2020).
  50. Agrawal, A.; Seh, A.H.; Baz, A.; Alhakami, H.; Alhakami, W.; Baz, M.; Kumar, R.; Khan, R.A. Software Security Estimation Using the Hybrid Fuzzy ANP-TOPSIS Approach: Design Tactics Perspective. Symmetry 2020, 12, 598. [Google Scholar] [CrossRef] [Green Version]
  51. Kumar, R.; Baz, A.; Alhakami, H.; Alhakami, W.; Baz, M.; Agrawal, A.; Khan, R.A. A Hybrid Model of Hesitant Fuzzy Decision- Making Analysis for Estimating Usable- Security of Software. IEEE Access (Early Access) 2020, 8. [Google Scholar] [CrossRef]
Figure 1. Previous data breach trend.
Figure 1. Previous data breach trend.
Symmetry 12 00664 g001
Figure 2. Month breach trends (location according).
Figure 2. Month breach trends (location according).
Symmetry 12 00664 g002
Figure 3. Layered structure of healthcare organization.
Figure 3. Layered structure of healthcare organization.
Symmetry 12 00664 g003
Figure 4. Various factors aligned with the related layer.
Figure 4. Various factors aligned with the related layer.
Symmetry 12 00664 g004
Figure 5. Triangular Fuzzy Number.
Figure 5. Triangular Fuzzy Number.
Symmetry 12 00664 g005
Figure 6. Graphical representation of satisfaction degree.
Figure 6. Graphical representation of satisfaction degree.
Symmetry 12 00664 g006
Figure 7. Graphical Description of Sensitivity Analysis.
Figure 7. Graphical Description of Sensitivity Analysis.
Symmetry 12 00664 g007
Figure 8. Graphical representation of comparison.
Figure 8. Graphical representation of comparison.
Symmetry 12 00664 g008
Table 1. Triangular fuzzy number scale.
Table 1. Triangular fuzzy number scale.
Saaty Scale DefinitionFuzzy Triangle Scale
1Equally important(1, 1, 1)
3Weakly important(2, 3, 4)
5Fairly important(4, 5, 6)
7Strongly important(6, 7, 8)
9Absolutely important(9, 9, 9)
2Intermittent values between two adjacent scales(1, 2, 3)
4(3, 4, 5)
6(5, 6, 7)
8(7, 8, 9)
Table 2. Scale for ratings.
Table 2. Scale for ratings.
Linguistic VariableCorresponding TFN
Very Poor(0, 1, 3)
Poor (P)(1, 3, 5)
Fair (F)(3, 5, 7)
Good (G)(5, 7, 9)
Very good (VG)(7, 9,10)
Table 3. Fuzzy pair-wise comparison matrix at level 1.
Table 3. Fuzzy pair-wise comparison matrix at level 1.
C1C2C3C4
C11.00000, 1.00000, 1.000000.34000, 0.40000, 0.480000.56000, 0.90000, 1.370000.39000, 0.43000, 0.47000
C22.08000, 2.50000, 2.940001.00000, 1.00000, 1.000000.80000, 0.97000, 1.200000.79000, 0.88000, 1.02000
C30.73000, 1.11000, 1.790000.83000, 1.03000, 1.250001.00000, 1.00000, 1.000000.50000, 0.70000, 0.93000
C42.13000, 2.33000, 2.570000.98000, 1.14000, 1.270001.08000, 1.43000, 2.000001.00000, 1.00000, 1.00000
Table 4. Fuzzy Pair- wise comparison matrix for data storage layer at level 2.
Table 4. Fuzzy Pair- wise comparison matrix for data storage layer at level 2.
C11C12C13
C111.00000, 1.00000, 1.000000.41000, 0.55000, 0.790000.80000, 1.24000, 1.78000
C121.26000, 1.81000, 2.430001.00000, 1.00000, 1.000000.38000, 0.55000, 0.84000
C130.56000, 0.80000, 1.250001.19000, 1.81000, 2.630001.00000, 1.00000, 1.00000
Table 5. Fuzzy Pair- wise comparison matrix for data application layer at level 2.
Table 5. Fuzzy Pair- wise comparison matrix for data application layer at level 2.
C21C22C23C24 C25
C211.00000, 1.00000, 1.000000.97000, 1.25000, 1.610001.06000, 1.59000, 2.220000.77000, 1.01000, 1.290000.76000, 0.91000, 1.10000
C220.62100, 0.80000, 1.030001.00000, 1.00000, 1.000000.64000, 0.91000, 1.340000.43000, 0.63000, 0.970000.35000, 0.49000, 0.87000
C230.45000, 0.62800, 0.943000.74600, 1.09800, 1.560001.00000, 1.00000, 1.000000.52000, 0.66000, 0.790000.52000, 0.66000, 0.92000
C240.77500, 0.99000, 0.298001.03000, 1.58000, 2.320001.26000, 1.51000, 1.920001.00000, 1.00000, 1.000000.56000, 0.65000, 0.81000
C250.90000, 1.09800, 1.310001.14000, 2.04000, 2.850001.08000, 1.51000, 1.920001.23000, 1.53000, 1.780001.00000, 1.00000, 1.00000
Table 6. Fuzzy Pair- wise comparison matrix for data transfer layer at level 2.
Table 6. Fuzzy Pair- wise comparison matrix for data transfer layer at level 2.
C31C32C33C34C35
C311.00000, 1.00000, 1.000001.87000, 2.60000, 3.210001.46000, 1.68000, 1.970001.45000, 2.44000, 3.390000.48000, 0.57000, 0.79000
C32 0.31100, 0.38000, 0.534001.00000, 1.00000, 1.000000.61000, 0.78000, 1.03000.77000, 0.95000, 1.240000.16000, 0.20000, 0.25000
C33 0.50700, 0.59500, 0.684000.97000, 1.28000, 1.639001.00000, 1.00000, 1.000000.77000, 1.05000, 1.360000.21000, 0.2500, 0.31000
C340.29400, 0.40900, 0.689000.80600, 1.05200, 1.298000.73500, 0.95200, 1.298001.00000, 1.00000, 1.000000.20000, 0.23000, 0.29000
C351.26500. 1.75400, 2.083004.00000, 5.00000, 6.250003.20000, 4.00000, 4.760003.44000, 4.34000, 4.000001.00000, 1.00000, 1.00000
Table 7. Fuzzy Pair- wise comparison matrix for data production layer at level 2.
Table 7. Fuzzy Pair- wise comparison matrix for data production layer at level 2.
C41C42C43C44C45
C411.00000, 1.00000, 1.000001.00000, 1.52000, 1.930000.49000, 0.64000, 1.000000.42000, 0.57000, 1.000000.22000, 0.29000, 0.42000
C420.51800, 0.65700, 1.000001.00000, 1.00000, 1.000000.57000, 0.67000, 0.800000.31000, 0.39000, 0.560000.27000, 0.35000, 0.52000
C431.00000, 1.56000, 2.040001.25000, 1.49000, 1.750001.00000, 1.00000, 1.000001.00000, 1.32000, 1.550000.30000, 0.44000, 0.80000
C441.00000, 1.75000, 2.380001.78000, 2.56000, 3.220000.64500, 0.75000, 1.000001.00000, 1.00000, 1.000000.54000, 0.91000, 1.58000
C452.38000, 3.44000, 4.540001.92000, 2.85000, 3.700001.25000, 2.27000, 3.330000.632000, 1.098000, 1.850001.00000, 1.00000, 1.00000
Table 8. Global weights of second level through the hierarchy.
Table 8. Global weights of second level through the hierarchy.
The First LevelThe Weight of First LevelBest Non-Fuzzy Performance Value (BNP)The Second LevelLocal Weight of Second LevelThe Final Weight of the Second LevelBest Non-fuzzy Performance Value (BNP)
C10.14600, 0.15000, 0.190000.16200C110.20800, 0.21500, 0.229000.03000, 0.03200, 0.043000.03500
C120.30200, 0.31000, 0.328000.00500, 0.04600, 0.062000.03800
C130.45200, 0.46300, 0.487000.06600, 0.07000, 0.093000.07600
C20.28900, 0.30000, 0.351000.31100C210.20200, 0.22500, 0.240000.05800, 0.06700, 0.084000.07000
C220.22000, 0.25100, 0.555000.06300, 0.07500, 0.190000.00900
C230.31100, 0.35300, 0.514000.08900, 0.09900, 0.180000.09300
C240.11200, 0.16900, 0.211000.03200, 0.05000, 0.074000.05200
C250.51000, 0.57100, 0.604000.04000, 0.07000, 0.096000.07400
C30.20800, 0.22600, 0.306000.20000C310.23300, 0.23800, 0.264000.04800, 0.05300, 0.080000.06000
C320.13500, 0.14100, 0.141000.02800, 0.03100, 0.040000.03300
C330.12500, 0.13600, 0.177000.02600, 0.03000, 0.054000.03700
C340.59200, 0.60200, 0.727000.12300, 0.13600, 0.222000.15000
C350.43100, 0.46300, 0.45900,0.08900, 0.10000, 0.140000.01000
C40.32400, 0.34400, 0.407000.32700C410.23500, 0.25500, 0.266000.07600, 0.08700, 0.108000.09000
C420.52800, 0.53500, 0.548000.17000, 0.18000, 0.223000.06500
C430.40200, 0.41400, 0.428000.13000, 0.14000, 0.174000.04800
C440.23200, 0.24000, 0.269000.07500, 0.08000, 0.109000.04900
C450.27700, 0.28400, 0.289000.05100, 0.05700, 0.064000.01100
Table 9. Dependent weights and BNP values of level 1 factor.
Table 9. Dependent weights and BNP values of level 1 factor.
S. No.Level 1 CharacteristicsFinal WeightsBest Non-fuzzy Performance Value (BNP)Ranks
1Data Storage Layer0.14600, 0.15000, 0.190000.162004
2Data Application Layer0.28900, 0.30000, 0.351000.311002
3Data Transfer Layer0.20800, 0.22600, 0.306000.200003
4Data Production Layer0.32400, 0.34400, 0.407000.327001
Table 10. Dependent summarized weights and BNP values of level 2 factors.
Table 10. Dependent summarized weights and BNP values of level 2 factors.
S. No.Level 2 CharacteristicsFinal WeightsBest Non-fuzzy Performance Value (BNP)Ranks
1MedjackingC11+C21+C310.13600, 0.15200, 0.207000.165006
2Low access control managementC12+C22+C410.14400, 0.20800, 0.360000.236004
3Malware/RansomwareC35+C450.14000, 0.15700, 0.204000.167005
4Outdated IT InfrastructureC24+C33+C430.18800, 0.22000, 0.302000.237003
5Human ErrorC13+C23+C32+C420.35300, 0.38000, 0.536000.423001
6Social EngineeringC25+C34+C440.23800, 0.28600, 0.427000.317002
Table 11. Subjective cognition results of evaluators in linguistic terms.
Table 11. Subjective cognition results of evaluators in linguistic terms.
A1A2A3A4A5A6A7A8A9A10
Medjacking5.36000, 7.36000, 9.000004.82000, 6.82000, 8.640003.91000, 5.91000, 7.800204.27000, 6.27000, 8.270002.45000, 4.45000, 6.450002.91000, 4.64000, 6.550001.45000, 3.00000, 4.910001.18000, 2.82000, 4.820004.82000, 6.82000, 8.550004.82000, 6.82000, 8.73000
Low access control management4.27000, 6.27000, 8.090004.64000, 6.64000, 8.450004.64000, 6.64000, 8.360004.27000, 6.27000, 8.000002.82000, 4.82000, 6.820003.18000, 5.18000, 7.090001.45000, 3.00000, 4.910000.82000, 2.27000, 4.270005.18000, 7.18000, 8.820004.82000, 6.82000, 8.64000
Malware/Ransomware6.27000, 8.27000, 9.640002.64000, 4.64000, 6.640003.18000, 5.18000, 7.090005.36000, 7.36000, 9.000003.73000, 5.73000, 7.550002.45000, 4.45000, 6.450000.91000, 2.45000, 4.450002.45000, 4.27000, 6.270005.18000, 7.18000, 8.910004.82000, 6.82000, 8.55000
Outdated IT Infrastructure4.82000, 6.82000, 8.640003.09000, 5.00000, 6.910003.18000, 5.18000, 7.090004.64000, 6.64000, 8.550003.00000, 5.00000, 7.000002.18000, 4.09000, 6.000002.82000, 4.64000, 6.640001.91000, 3.73000, 5.730005.73000, 7.73000, 9.360005.55000, 7.50500, 9.27000
Human Error3.73000, 5.73000, 7.640003.91000, 5.91000, 7.730004.27000, 6.27000, 8.180003.00000, 5.00000, 7.000002.45000, 4.45000, 6.450003.55000, 5.55000, 7.450001.82000, 3.73000, 5.730001.64000, 3.55000, 5.550005.73000, 7.73000, 9.270004.27000, 6.27000, 8.18000
Social Engineering4.45000, 6.45000, 8.270003.55000, 5.55000, 7.450005.00000, 7.00000, 8.730005.36000, 7.36000, 9.090002.64000, 4.64000, 6.640002.90000, 4.80000, 6.700002.82000, 4.64000, 6.640002.55000, 4.45000, 6.450005.18000, 7.18000, 9.000004.27000, 6.27000, 8.09000
Table 12. Normalized fuzzy-decision matrix.
Table 12. Normalized fuzzy-decision matrix.
A1A2A3A4A5A6A7A8A9A10
Medjacking0.56000, 0.76000, 0.930000.52000, 0.74000, 0.930000.42000, 0.64000, 0.840000.45000, 0.66000, 0.880000.33000, 0.59000, 0.860000.35000, 0.56000, 0.790000.22000, 0.45000, 0.730000.18000, 0.42000, 0.720000.50000, 0.71000, 0.890000.52000, 0.74000, 0.94000
Low access control management0.44000, 0.65000, 0.840000.50000, 0.72000, 0.910000.50000, 0.72000, 0.900000.45000, 0.66000, 0.850000.37000, 0.64000, 0.900000.38000, 0.63000, 0.860000.22000, 0.45000, 0.730000.12000, 0.34000, 0.640000.54000, 0.75000, 0.920000.52000, 0.74000, 0.93000
Malware/Ransomware0.65000, 0.86000, 1.000000.28000, 0.50000, 0.720000.34000, 0.56000, 0.760000.57000, 0.78000, 0.950000.49000, 0.76000, 1.000000.30000, 0.54000, 0.780000.140000, 0.36000, 0.660000.36000, 0.64000, 0.930000.54000, 0.75000, 0.920000.52000, 0.74000, 0.92000
Outdated IT Infrastructure0.50000, 0.71000, 0.900000.33000, 0.54000, 0.750000.34000, 0.56000, 0.760000.49000, 0.70000, 0.900000.40000, 0.66000, 0.930000.26000, 0.49000, 0.730000.42000, 0.69000, 0.990000.28000, 0.55000, 0.850000.59000, 0.80000, 0.970000.60000, 0.81000, 1.00000
Human Error0.39000, 0.59000, 0.790000.42000, 0.64000, 0.830000.46000, 0.68000, 0.880000.32000, 0.53000, 0.740000.33000, 0.59000, 0.860000.43000, 0.67000, 0.900000.27000, 0.55000, 0.800050.24000, 0.53000, 0.820000.59000, 0.80000, 0.960000.46000, 0.68000, 0.88000
Social Engineering0.46000, 0.67000, 0.860000.38000, 0.60000, 0.800000.54000, 0.75000, 0.940000.57000, 0.78000, 0.960000.35000, 0.61000, 0.880000.35000, 0.58000, 0.810000.42000, 0.69000, 0.990000.38000, 0.66000, 0.960000.54000, 0.75000, 0.930000.46000, 0.68000, 0.87000
Table 13. Weighted normalized fuzzy-decision matrix.
Table 13. Weighted normalized fuzzy-decision matrix.
A1A2A3A4A5A6A7A8A9A10
Medjacking0.002000, 0.007000, 0.0210000.002000, 0.006000, 0.0210000.001000, 0.006000, 0.0190000.002000, 0.006000, 0.0200000.001000, 0.005000, 0.0190000.001000, 0.005000, 0.0180000.001000, 0.004000, 0.0160000.001000, 0.004000, 0.0160000.004000, 0.014000, 0.0430000.004000, 0.015000, 0.046000
Low access control management0.002000, 0.008000, 0.0250000.002000, 0.008000, 0.0270000.002000, 0.008000, 0.0270000.002000, 0.008000, 0.0250000.002000, 0.007000, 0.0270000.002000, 0.007000, 0.0250000.001000, 0.005000, 0.0220000.001000, 0.004000, 0.0190000.002000, 0.006000, 0.0190000.002000, 0.006000, 0.020000
Malware/Ransomware0.002000, 0.008000, 0.0240000.001000, 0.005000, 0.0170000.001000, 0.005000, 0.0180000.002000, 0.007000, 0.0220000.002000, 0.007000, 0.0240000.001000, 0.005000, 0.0180000.000000, 0.003000, 0.0160000.001000, 0.006000, 0.0220000.002000, 0.007000, 0.0230000.002000, 0.007000, 0.023000
Outdated IT Infrastructure0.002000, 0.007000, 0.0230000.001000, 0.006000, 0.0190000.002000, 0.006000, 0.0190000.002000, 0.007000, 0.0230000.002000, 0.007000, 0.0240000.001000, 0.005000, 0.0180000.002000, 0.007000, 0.0250000.001000, 0.006000, 0.0220000.001000, 0.003000, 0.0110000.001000, 0.004000, 0.011000
Human Error0.003000, 0.010000, 0.0320000.003000, 0.011000, 0.0340000.003000, 0.011000, 0.0360000.002000, 0.009000, 0.0300000.002000, 0.010000, 0.0350000.003000, 0.011000, 0.0360000.002000, 0.009000, 0.0340000.002000, 0.009000, 0.0330000.004000, 0.012000, 0.0401000.003000, 0.011000, 0.037000
Social Engineering0.004000, 0.014000, 0.0440000.003000, 0.012000, 0.0410000.005000, 0.016000, 0.0480000.005000, 0.016000, 0.0490000.003000, 0.013000, 0.0450000.003000, 0.012000, 0.0410000.004000, 0.014000, 0.0500000.003000, 0.014000, 0.0490000.006000, 0.022000, 0.0710000.005000, 0.020000, 0.066000
Table 14. Closeness coefficients to the aspired level among the different alternatives.
Table 14. Closeness coefficients to the aspired level among the different alternatives.
Alternativesd+id−iGap Degree of CC+iSatisfaction Degree of CC−i
Alternative 1A10.0438450.0266230.3778030.622197
Alternative 2A20.0367480.0362430.4965410.503459
Alternative 3A30.0352370.0411780.5388730.461127
Alternative 4A40.0346520.0270230.4381520.561848
Alternative 5A50.0383580.0458640.5445610.455439
Alternative 6A60.0304940.0465570.6042360.395764
Alternative 7A70.0438450.0256350.3689550.631045
Alternative 8A80.0327650.0423530.5638200.436180
Alternative 9A90.0438450.0256350.3689550.631045
Alternative 10A100.0327650.0423530.5638200.436180
Table 15. Sensitivity Analysis.
Table 15. Sensitivity Analysis.
ExperimentsWeights/Alternatives A1A2A3A4A5A6A7A8A9A10
Experiment-0Original WeightsSatisfaction Degree (CC-i)0.6221970.5034590.4611270.5618480.4554390.3957640.6310450.4361800.6310450.436180
Experiment-1Medjacking0.7112970.5950590.5467270.6423480.5432390.4787640.6560450.521680.7105450.53248
Experiment-2Low access control management0.6639970.5460590.5019270.5990480.4968390.4350640.6687450.468180.6690450.48148
Experiment-3Malware/Ransomware0.5807970.4630590.4241270.5234480.4180390.3597640.5904450.377980.5970450.39548
Experiment-4Outdated IT Infrastructure0.5447970.4236590.3911270.4920480.3856390.3280640.5580450.340480.5660450.35948
Experiment-5Human Error0.6251970.4914590.4687270.5837480.4552390.4062640.6337450.429180.6290450.43818
Experiment-6Social Engineering0.6228970.4961590.4651270.5717480.4552390.4007640.6320450.440180.6305450.43678
Table 16. Comparison of the results of classical and fuzzy AHP-TOPSIS methods.
Table 16. Comparison of the results of classical and fuzzy AHP-TOPSIS methods.
Methods/AlternativesA1A2A3A4A5A6A7A8A9A10
Fuzzy-AHP-TOPSIS0.6221970.5034590.4611270.5618480.4554390.3957640.6310450.4361800.6310450.436180
Classical-AHP-TOPSIS0.6378970.5007590.4731270.6028480.4574390.4117640.6406450.4646800.6310450.441180

Share and Cite

MDPI and ACS Style

Kumar, R.; Pandey, A.K.; Baz, A.; Alhakami, H.; Alhakami, W.; Agrawal, A.; Khan, R.A. Fuzzy-Based Symmetrical Multi-Criteria Decision-Making Procedure for Evaluating the Impact of Harmful Factors of Healthcare Information Security. Symmetry 2020, 12, 664. https://doi.org/10.3390/sym12040664

AMA Style

Kumar R, Pandey AK, Baz A, Alhakami H, Alhakami W, Agrawal A, Khan RA. Fuzzy-Based Symmetrical Multi-Criteria Decision-Making Procedure for Evaluating the Impact of Harmful Factors of Healthcare Information Security. Symmetry. 2020; 12(4):664. https://doi.org/10.3390/sym12040664

Chicago/Turabian Style

Kumar, Rajeev, Abhishek Kumar Pandey, Abdullah Baz, Hosam Alhakami, Wajdi Alhakami, Alka Agrawal, and Raees Ahmad Khan. 2020. "Fuzzy-Based Symmetrical Multi-Criteria Decision-Making Procedure for Evaluating the Impact of Harmful Factors of Healthcare Information Security" Symmetry 12, no. 4: 664. https://doi.org/10.3390/sym12040664

APA Style

Kumar, R., Pandey, A. K., Baz, A., Alhakami, H., Alhakami, W., Agrawal, A., & Khan, R. A. (2020). Fuzzy-Based Symmetrical Multi-Criteria Decision-Making Procedure for Evaluating the Impact of Harmful Factors of Healthcare Information Security. Symmetry, 12(4), 664. https://doi.org/10.3390/sym12040664

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop