Healthcare Device Security Assessment through Computational Methodology

The current study discusses the different methods used to secure healthcare devices and proposes a quantitative framework to list them in order of significances. The study uses the Hesitant Fuzzy (HF), Analytic Hierarchy Process (AHP) integrated with Fuzzy Technical for Order Preference by Similarities to Ideal Solution (TOPSIS) to classify the best alternatives to security techniques for healthcare devices to securing the devices. The technique is enlisted to rate the alternatives based on the degree of satisfaction of their weights. The ranks of the alternatives consequently decide the order of priority for the techniques. A1 was the most probable alternative of all the alternatives, according to the ranks of the alternatives acquired. This means that the security of A2 healthcare devices is the greatest of all the alternatives picked. A corroborative guide for the developers and the makers in quantitatively determining the security of healthcare devices to engineer efficacious devices will be the findings drawn up with the assistance of the proposed framework. The assessments performed using the proposed framework are systematic, precise, and definitive. Therefore, the results of the present empirical analysis are a stronger and accurate choice than the manual assessment of the device’s security.


Introduction
Healthcare devices are the virtual lifelines of today's healthcare systems and are commonly used to avoid, track, or diagnose diseases. However, these devices have also become an easy target for cyber intrusions due to software and design-related vulnerabilities. Ironically, due to cyber-attacks, devices meant to protect the health of patients' are now becoming a major health threat. Only one among such breaches is the troubling instance of intruders gaining easy access to insulin pumps [1][2][3][4][5]. An exponential increase in attacks on the entire healthcare sector has been reported in the last few years. Security experts suggest that the high demand and cost of healthcare data on the dark web may be the explanation for this increase [6][7][8][9]. Several attacks on healthcare devices are carried out, risking not only the effectiveness of and hardware layers are also part of the security needs [52,53]. Integrity, availability, authentication, confidentiality, safety and privacy, unauthorized tampering, are the essential features for developing highly secure healthcare devices. Due to traditional security algorithms that cannot be used because of implantable and sensor devices, maintaining the security of the devices is a tough task challenge.
But in recent years, refreshers have built a new algorithm for the CIA that resolve integrity and security issues. These are not ideal for all forms of cyber-attacks because of certain bars. The on-site healthcare devices (MRI, X-ray, and ultrasound) are also vulnerable to cyber-attacks [26][27][28][29]. Various techniques for preserving the security of the devices have been developed. Such approaches have been elucidated in Fig. 1.

Encryption
Converting the simple characters into some special type of code through a systematic algorithm is called the encryption process [20]. This process has a special position in security mechanics because it gives a special ability of secrecy to the sender's message or information.

Biometrics
Biometric is human physical or behavioral characteristics that can be used to identify an individual digitally to grant access to systems, devices, or information [21]. Fingerprints, facial expressions, speech, or typing are examples of these biometric signatures.

Authentication
The method of verifying the identity of a person or system is known as authentication [22]. When a person wants to log in, a typical example is entering a username and password. Entering the correct login information helps that person is accessing the device.

Security Token
A peripheral system used to gain access to an electronically limited resource is a security token [23]. In addition to or in place of a password, the token is used.

Password
A password, also referred to as a passcode, is a memorized secret, normally a character string generally used to confirm the identity of a user [23].

Recovery Software
After accident deletion, formatting, partition mistake, device crash, etc., data recovery software can help restore data [24]. This is used in the integrity of the data.

Access Control
Access control is a way of ensuring that people are who they say they are and that they have the right access to personal information [25].

Backup
A backup is a copy of data taken and stored somewhere so that it can be used during a data loss event to recover the original [26]. Backup is the verb form referring to the method of doing so, while a backup is the noun and adjective form.

Error Detection
Error detection is the method of identifying errors in a communication device that is present in the data transmitted from the transmitter to the receiver [27]. To recognize these errors, we use some redundancy codes by adding them to the data while it is transmitted from the source (transmitter).

Version Control
The practice of monitoring and handling modifications to software code is version control, often referred to as source control [28]. Version control systems are automated mechanisms that assist software teams to handle source code revisions over time.

Methodology Followed
Some real-world issues demand unique or multi choice-based solutions that are crucial for real users to conduct without any solid base. To tackle this situation and give an ideal quantitative solution to these issues the adopted MCDM approaches are implemented by various researchers. Specifically adopted AHP approach combined with fuzzy linguistic term set theory is more effective and simple in the comparison of others it is evident from various previous research initiatives [5,9]. If there is more than one option available for evaluation in the technique during the computation process, then this situation influences the calculated results even more strongly. In the context of the proposed article authors adopt a hesitant fuzzy set-based MCDM approach that gives an extra efficiency in results for evaluation. Besides, the TOPSIS approach has been used to assess the security of healthcare devices results obtained. Besides, to get more productive and accurate results, this study adopts the hesitant fuzzy approach. Moreover, for testing the evaluated results adopted the methodology of TOPSIS is the most promised and effective approach available in MCDM approaches. The biggest beneficial advantage of this methodology is that it gives a positive and negative both impact evaluation in the same evaluation and considers it in the calculation.
The authors followed the hesitant fuzzy set approach [15] when decision-makers find the possibility or situation of choosing any other value for numbering besides previously used ones. This type of situation opens a possibility of hesitant value use in evaluation which is prepared and discussed firstly by a study [28] and then modified and more systematically explained by Algarni et al. [14].
In cloud-based security architecture, Torra et al. [28] presented a TOPSIS integrated methodology that yielded successful results. For this article, the methodology adopted can skip and handle ambiguities and other AHP-TOPSIS methodology issues. Besides, by evaluating stock selection on paper, the model often validates its results. Similarly, Torra et al. [28,29] in their study have used the same approach. The authors verified the reliability of this technique by objectively analyzing the security of healthcare devices. Besides, Xu et al. [30] and Kumar et al. [31] have also used the specified technique to generate convincing results for their study in the sense of the energy solution.
In our research, HF-AHP methods were enlisted to estimate the priority of the healthcare device security factors, and then we tested their approach HF-TOPSIS on alternatives for similar factors [32]. A phase by phase methodology, in brief, is discussed below: Phase 1: The first step in the implemented approach is the hierarchy development of factors.
Phase 2: In Tab. 1, examiners use linguistic terminology to create accurate and beneficial assessment criteria for the decision-makers.
Phase 3: The next step in technique evaluation is the adoption of fuzzy wrappers [29] from Eq. (1).
. . . . . . ::w 1 n )): . . . . . . ::w 2 n À Á À Á : The numerical form for the highest rank in the formula is g and lowest, highest rank factors are shown by i and j, respectively. Phase 4: Eqs. (8)-(9) are used by the experts after evaluating the entire previous approach to satisfy the remaining comparison matrix attributes. Thereafter, experts use Eq. (10) to defuzzify the matrix to determine the comparison matrix.
Phase 5: The phase of defuzzification provides correct values. The experts examine the Consistency Ratio (CR) by applying the Eqs. (11)- (12) to analyse the CR of these values.
CR ¼ CI RI Phase 6: In this step, by Eq. (13), the experts assess the geometrical mean of the values. Phase 7: The most significant criterion in the entire set is evaluated by experts by applying the Eq. (14).
Phase 9: By applying the Eq. (16), experts transform the defuzzified values into normalized values or weights.
Now after identifying priority list for selected attributes the second adopted methodology of TOPSIS is used for testing the effectiveness of obtained results. TOPSIS is effective as a MADM technique in recommending the most preferred option for use. The definition of the TOPSIS approach was introduced by Lai et al. The synthesis of positive and negative ideas is the TOPSIS methodology; the most accurate and effective option is the most precise and reliable factor. The worst option, on the other hand, is an irrelevant factor. The authors utilized the hesitant fuzzy AHP TOPSIS approach to test and assess the security of healthcare devices [14]. The TOPSIS method associates the distance between two linguistic values such as H1s and H2s and performs its computations. Below, the procedure has been clarified (Eq. (17)): Phase 10: The following terms are described as the starting process: The following written formulas are applied as C ¼ C 1 ; C 2 ; . . . : : Þand n criteria C ¼ C 1 ; C 2 ; . . . ::C n f g ð Þ to define alternatives and criteria in TOPSIS.
Similarly, k is used to show the numeric count of experts in TOPSIS e x Denotes the experts.
The standards are written for TOPSIS to determine the criteria and effect of outcomes: The standard for TOPSIS evaluation lies in between very poor and very good scale, r 1 1 = between medium and good (bt M&G) r 1 2 = at most medium (am M) r 2 1 = at least good (al G) r 2 2 = between very bad and medium (bt VB&M) For HF matrix, the following formulas are used [9]: env F (EGH (btM&G)) = T (0.3300, 0.5000, 0.6700, 0.8300) env F (EGH (amM)) = T (0.0000, 0.0000, 0.3500, 0.6700) env F (EGH (alG)) = T (0.5000, 0.8500, 1.0000, 1.0000) env F (EGH (btVB&M)) = T (0.0000, 0.3000, 0.3700, 0.6700) Phase 11: By applying the Eq. (18) formula, the associated combined matrix is created: Phase 12: The effective factor where most effective factor is indicated by Aj, is shown by alpha in the TOPSIS evaluation, and alpha shows the cost-related preferences. In addition, the latest efficient alternatives need high precision for cost related preferences. The following Eqs. (19)- (22) are used to define and compare cost as well as effective factors: Phase 13: Experts evaluate TOPISIS +ve and −ve concepts components by applying following Eqs. (23)- (24).
Phase 14: Experts build and assess the closeness of positive and negative factors evaluated by Eqs. (25)- (26). where Phase 15: The ranks are allocated to conclude the process, and the tabular forms of options are focused on their assessment of effectiveness.
In further parts of this study, a highly detailed and evaluated numerical assessment of healthcare device security has been conducted.

Data Analysis
In this section, authors discussed the analysis of results of the proposed method, and compare the proposed method with existing methods to verdict the proposed method advantages.

Security Assessment
Managing security and its characteristic in a system is crucial and challenging task for experts. Security measures for healthcare devices can be enhanced with the aid of quantitative evaluation. But because of growing security breaches and user dissatisfaction, practitioners are often confused during process of development. Therefore, to avoid this situation and manage the security perfectly adopted approach is used for evaluation in this proposed article. Further, it is decision-making challenge to ensure the security of healthcare devices. To quantitatively analyze and solve this kind of dilemma, there are so many decision-making processes.
Firstly, in order to conduct the adopted evaluation approach forty five different experts for academic and industry background are called on a virtual meeting environment for discussion. During this discussion they get briefly introduced by topic of research and then selected attributes in order to achieve the desired objective. O the basis of that introduction and their own experience in relevant field they provide values that work as key decision makers in the evaluation. Further, on the basis of their values authors prepare matrix for evaluation which are portray by them in following headings. At level 1 of the hierarchy, two characteristics are shown according to Fig. 1. In the gathering, both practitioners were given a joint decision. Fuzzy envelops (consistent) for features at level 1 are shown in Tab. 2.
The accuracy of every evaluation was checked by phase 5 and Eqs. (1)-(12) after obtaining the score. The consistency was found to be lower than 0.1 for all groups characteristics of the hierarchy. The results of level 1 function from Tabs. 1 and 2 and Eqs. (1)- (12) were evaluated by the authors as follows: "B/W EHI and WHI" were designated as the fuzzy envelope (   Calculating the fuzzy weights of characteristics, from Eqs. (13)- (14). After that by Eq. (14), the weight of corresponding characteristic can be evaluated. In addition, from Eq. (15), the defuzzified value of respective characteristic is calculated and the weights are finally normalized by Eq. (16).
The same method for evaluating fuzzy local weights as shown in Tab. 3 is used to describe attributes weightage present in next layer of first layer. Further, global weights and ranks of the attributes are shown in Tab. 4. Moreover, Tabs. 5 and 6 are available to present values based on the level and its importance towards usability of device security, with the help of Eqs. (17)- (22). Further, Tab. 7 and Fig. 2 show the satisfaction degree of alternatives and overall impacts obtained by Eqs. (23)-(26).    Fig. 2 represent the closeness coefficients of alternatives, in this table distance calculated from a positive and negative ideal solution and satisfaction degree is calculated. According to the satisfaction, degree assigns the ranks and we observed that alternative 2 obtain the highest ranks and best alternative after that A1 obtain the highest priority. After review, we checked the findings of our analysis by adjusting the variable.

Sensitivity Analysis and Comparison
Authors performed sensitivity analysis of the presented method in order to verified the accuracy and validity of results and compare with Ahmed's method [33], Algarni method [14] and classical method of both method with presented method in this paper has some advantages with rest method: presented method increase the acceptability/accuracy of the decision making results, easily determined the uncertainty in decision making, presented method can better reflect decision compared to other decision making method. Authors have done sensitivity analysis within 10 experiments because authors have chosen 10 alternatives in the last level of hierarchy of Fig. 1. In order to evaluate, the sensitivity weights of each factors are changed at various times, while the other factors weights and satisfaction levels are remain constant. Sensitivity analysis depicted on Tab. 8.  Authors performed comparison with other existent method; in the comparison same data applied by authors for evaluation the other methods available in the study. Comparison results with other methods is depicted in Tab. 9 and proof is available in results that HF-AHP-TOPSIS (proposed) method gives improved results in compare to other methods available in study.

Discussion
The security of healthcare devices is compromised at the execution time by the method of data transfer, data storage, and migration process. By updating the software patch, using the hardware security guards and network encryption techniques all these problems can be addressed. Healthcare devices hold confidential information relating to the health and personal data of patients. We have established an approach for quantitative assessment of the security of healthcare devices from the proposed article through HF-AHP. TOPSIS approach in our framework, which is the best decision making and ranting approach. The   decision-makers allocated the rating of the healthcare devices based on their security using this approach. The study has enlisted the help of 45 experts in different fields of security. Based on their experiences, they ranked the healthcare devices accordingly. Finally, on the provided data for performance assessment of the healthcare devices, HF.AHP.TOPSIS was applied. The findings of this research work as shows: Most researchers work on the security of healthcare devices, but do not have sufficient guidelines for the development and design of the software and security of the device. Our approach is systematic and provides the developers with effective guidelines to build the software by adhering to the security rules. Security evaluation of healthcare devices will not only ensure the operation of healthcare devices and the personal details of patients but will also improve the device's technological characteristics.
Manufacturers and government agencies may use our framework to quantitatively and reliably verify the security of healthcare devices.

Conclusions
In the current situation, dependability on healthcare devices has improved enormously, more so in the aftermath of a health emergency such as the COVID-19 pandemic when home quarantine instead of attending hospitals was recommended to patients. For health care monitoring and treatment, doctors and patients alike depend on medical devices. Healthcare devices submit data from patients to physicians who prescribe the course of care after the data has been checked. However, the confidentiality of the data and system is under consideration. Even a small difference in the data of the patient can lead to an incorrect diagnosis, thus endangering the health and well-being of the patient. Quantitative and automated evaluation of the security of medical devices is an efficient solution for ensuring the security of the healthcare device. In the above observation, the A2 alternative obtains the highest ranks among the best alternatives. In the current analysis, this was done with the help of the HF-AHP.TOPSIS approach. Among the different alternatives, this method is best for decision making and provides corroborative results. This framework is well validated and tested; manufactures may use a tested approach to security checking to protect the healthcare devices.