Enhancing healthcare security measures in IoTT applications through a Hesitant Fuzzy-Based integrated approach

1.   Introduction

In the rapidly evolving landscape of digital transformation, the Internet of Things (IoT) has emerged as a transformative force, reshaping industries and sectors across the globe. One particularly dynamic facet of the IoT is the Internet of Transportation Things (IoTT), which plays an increasingly pivotal role in various domains, including healthcare emergency services ^[1,2]. IoTT applications have enabled the seamless monitoring of critical assets, real-time tracking of resources, and the efficient management of transportation networks during healthcare emergencies such as the COVID-19 outbreak. However, as the adoption of IoTT applications accelerates, so do the associated security risks. The paramount concern in this rapidly evolving landscape is safeguarding sensitive data and ensuring the integrity of critical services, especially when human lives are at stake ^[3,4]. Healthcare emergency services, in particular, rely on the uninterrupted functionality of IoTT applications to ensure timely and effective responses to emergencies. Any breach in security could lead to catastrophic consequences.

In 2019, the healthcare sector showed a strong inclination toward embracing IoT technology, with 86% of healthcare organizations incorporating it in various operations, recognizing IoT's potential to enhance healthcare services. The IoT healthcare market projected a worth of $158.1 billion in 2022, driven by a remarkable compound annual growth rate (CAGR) of 28.6% during 2021 ^[3,4,5]. The surge in data generation, doubling every 73 days on average, underscored the need for robust IoT security measures. Projections indicate that the global IoT healthcare market is expected to reach $534.3 billion by 2025, with a CAGR of 19.9% over the next five years. IoT technology has significantly improved patient care through innovations like EarlySense, FreeStyle Libre, coagulation systems, and disease monitoring devices. However, IoT security became a prominent concern in 2021, with privacy issues and vulnerabilities in IoT devices requiring urgent attention ^[5,6].

The Internet of Things (IoT) has applications in transportation that go beyond the realm of transportation itself ^[7,8,9]. These applications include better safety, environmental sustainability, and convenience in mobility ^{[10,11,12,13,14]}. For example, a smart car can perform multiple tasks simultaneously, including functions such as navigation, communication, entertainment, and ensuring that transportation is both efficient and reliable. It is now possible for travelers to maintain a continuous connection to all modes of transportation thanks to the Internet of Things (IoT). The automobile is outfitted with a wide variety of wireless connectivity options that allow for access to the internet. These options include Bluetooth, Wi-Fi, 3G, 4G, intelligent traffic systems, and inter-vehicle communication. In the field of logistics, the use of Internet of Things (IoT) technology might be beneficial. One example of this would be the installation of sensors in ambulances, which would allow for continuous monitoring of the patients and prediction of their arrival time in hospital in public healthcare emergency situations ^{[15,16,17,18,19]}. Through the optimization of the number of vehicles on the road and the routes that they travel, the Internet of Things (IoT) has the potential to increase savings on both fuel and maintenance costs. These statistics underscore the significant role IoT plays in transportation, healthcare, and various industries, reflecting its growth, challenges, and potential impact on the global economy. Further, Figure 1 shows the future market of IoT in the transportation market ^[3].

Every country in the world is committed to providing high-quality healthcare emergency services, which is underscored by extensive networks of healthcare facilities ^[5,6,7]. During emergencies, the rapid and secure transportation of patients and medical resources is of paramount importance, as Figure 2 shows ^[6]. Assessing security risks in IoTT applications ensures the uninterrupted functioning of healthcare services, enhancing the country's resilience in the face of healthcare crises. Furthermore, many countries place a strong emphasis on data privacy and compliance. The protection of sensitive medical data, in alignment with local regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), is a critical consideration ^{[20,21,22,23,24,25]}. A robust security risk assessment ensures that patient data remains confidential and compliant with relevant laws.

The evolving nature of cyber threats requires continuous assessment and adaptation of security measures. Not a single country is completely immune to the evolving tactics of cybercriminals ^{[26,27,28,29]}. Conducting security risk assessments allows for the identification and mitigation of emerging threats specific to the IoTT applications used in healthcare emergency services ^[30]. In addition, efficient resource allocation and management are central to effective healthcare emergency services ^{[31,32,33,34]}. Security risks, if not properly managed, can disrupt the optimal utilization of transportation assets and medical resources. An assessment helps in identifying vulnerabilities that may hinder resource optimization.

Public trust is essential in healthcare emergency services. Ensuring the security and reliability of IoTT applications reinforces trust in the healthcare system ^{[35,36,37,38,39]}. Every country and its commitment to delivering world-class healthcare services relies, in part, on the trust it instills in its citizens ^{[40,41,42,43]}. The security risk assessment of IoTT applications encompasses various Stages, and developers of IoTT applications and software categorize development tasks as either extensive, large, or small applications based on factors such as project team size, duration, and lines of code.

The points of contribution to this research effort are highlighted in the following:

●  Our literature review revealed that several academics have proposed a plethora of evaluation approaches to aid in the process of healthcare system security risk assessment. However, no substantial research assessing the risk components of security for IoT applications in transportation could be located. Contrarily, current healthcare assessment methods are designed to evaluate electronic medical records (EMR) and EHR database security.

●  Through the presentation of an assessment method that makes use of a hesitant fuzzy AHP TOPSIS methodology, this is the first effort to solve security risk issues that are associated with Internet of Transportation Things applications deployed in the healthcare industry. In this research endeavor, the author's overarching goal is to enhance the security of IoTT applications in the critical domain of healthcare emergency services. In the real world, it is always hard and complicated to deal with knowledge that is not clear. The idea of hesitant fuzzy sets along with AHP and TOPSIS makes it easier to deal with the confusion that comes from hesitating in decisions ^[41]. By leveraging the synergistic power of hesitant fuzzy AHP-TOPSIS, researcher aims to provide actionable insights and recommendations that empower stakeholders to make informed decisions, fortify security measures, and ultimately ensure the reliability and effectiveness of IoTT applications when they matter most—during healthcare emergencies such as COVID outbreak.

●  The security risk attributes that have been taken into consideration in this work have not been identified and assessed before for the sake of security in IoTT applications.

The motivations to conduct this research are mentioned below:

●  In addition, secure IoTT applications enable the safe storage of patient data as records and facilitate easy data access while also addressing concerns related to data theft and loss ^[10,11]. When building IoTT applications, the researcher requires input from multiple teams, and every expert may have a different opinion. Hence, multiple criteria decision-making (MCDM) techniques help establish a unified goal based on multiple expert opinions ^[12]. In this context, as described in this paper on security risk assessment goals for IoTT applications for healthcare emergency services, the author adopted a hybrid technique involving hesitant fuzzy set theory, AHP, and TOPSIS.

●  The hybrid technique of hesitant fuzzy AHP-TOPSIS offers a comprehensive approach to security risk assessment. It allows for a nuanced evaluation of security risks, considering multiple factors and their relative importances. The hybrid technique enables tailored risk mitigation strategies. In the context of IoTT applications for healthcare emergency services, customization is vital, as risks can vary widely based on specific applications and local conditions. Hesitant fuzzy AHP-TOPSIS provides decision-makers with actionable insights ^[7,10,11].

This research paper is structured as follows: Section 2 reviews related work in security risk assessment in the healthcare sector, explores various security concerns associated with IoTT applications healthcare emergencies, and presents an overview of the hesitant fuzzy AHP-TOPSIS research approach employed. Section 3 provides detailed empirical data analysis and conducts a comparative analysis with conventional approaches. Section 4 discusses this study's conclusions and key insights. Section 5 provides a concise summary of the research's significance in enhancing the security of IoT applications for healthcare emergency services.

2.   Materials and methods

2.1.   Literature review

In the ever-evolving landscape of IoT applications for transportation within the realm of healthcare emergency services, the paramount concern is ensuring the security and reliability of these systems ^[12]. Theoretical and empirical efforts are underway to strike a balance between assurance and security and practicality and usability ^[13,14,15]. This section builds upon and extends the foundation laid by previous studies in this field, offering a comprehensive overview of the research efforts that have paved the way for this investigation into security risk assessment in IoTT applications in healthcare emergency services.

The studies cited herein provide a solid foundation for this work, and the incorporation of hesitant fuzzy AHP and TOPSIS methodologies allows us to systematically assess and rank security risks, advancing the field's understanding and preparedness in this critical domain. Further, Table 1 shows the comparative overviews of the security risk assessment research studies and the applications of hesitant fuzzy AHP and hesitant fuzzy-TOPSIS methodologies.

After a systematic literature review of the above studies, it has been established that there are very few works in IoT for transportation applications in healthcare emergency services. Hence, an assessment for security risk in IoTT applications for healthcare is an important concern for reaserch. This work therefore focuses on such assessment using a hybird method of MCDM, the hesitant fuzzy AHP TOPSIS method. The next section describes the attributes that affect security risk in emergency healthcare services in IoTT.

2.2.   Security risks of IoTT applications in healthcare emergency services

Understanding the IoTT is crucial, as it involves the networking of interconnected devices and sensors that play a pivotal role in emergency healthcare transportation delivery. According to Ericsson, the IoT is projected to encompass 22 billion devices by the end of 2022, with experts from Business Insider anticipating a further increase to 30.9 billion by 2025 ^[3,4,5]. However, this rapid expansion of IoT devices in transportation also widens the potential attack surface for cybersecurity vulnerabilities within healthcare emergency services. In recent years, there has been a sudden and alarming surge in security incidents, including cyberattacks, data breaches, and compromising patients' data confidentiality and integrity. These incidents can be associated with cyberattacks on patients, healthcare workers, and healthcare facilities. The digital threats facing healthcare facilities are not limited to any one country; they are a global concern. Cyberattacks have impacted various healthcare facilities, including in high-income countries like the United States and Saudi Arabia ^[2,4].

Transportation applications that are based on Internet of Things devices are especially susceptible to network assaults, such as data theft, phishing, spoofing, and denial of service assaults (DDoS) ^[1,2]. These applications are essential for patient monitoring and logistics during times of emergency. These assaults have the potential to evolve into more severe cybersecurity risks, such as ransomware outbreaks and data breaches, which can impose significant financial and operational difficulties on healthcare institutions. Given these challenges, it becomes imperative to secure IoTT devices and networks in healthcare emergency services against cyberattacks. Measures should include robust encryption, secure communication protocols, and the elimination of default passwords widely known to hackers. Addressing personal information leaks and managing risks associated with automation and artificial intelligence (AI) technologies is vital to prevent unauthorized access and protect critical healthcare data.

Several illustrative cyberattacks underscore the vulnerabilities of IoTT devices within healthcare emergency services ^[3,4]. For instance, the Mirai botnet executed a massive DDoS attack in 2016 ^[5], disrupting various online services, demonstrating the potential for similar attacks on healthcare infrastructure. The Verkada hack in 2021 exposed the importance of stringent access control for security camera feeds in healthcare facilities ^[5,7]. Moreover, the Finland incident illustrated the real-world impact of IoT attacks by disrupting essential services, emphasizing the need for resilience. The Jeep Hack and Stuxnet serve as cautionary tales, illustrating the potential consequences of IoT vulnerabilities in healthcare, from compromised medical devices to espionage ^[6].

These examples underscore the critical need for robust IoTT security measures tailored to the unique challenges of healthcare emergency services. Protecting against the growing range of threats and vulnerabilities is paramount to ensuring patient safety, data integrity, and the seamless operation of healthcare services in an interconnected world. Worldwide, healthcare institutions are increasingly reliant on their information systems for a wide range of administrative, financial, and medical functions; this trend is causing concern due to the increasing usage of connected medical devices, cloud storage services, and the expanding network infrastructure. To provide security to these IoTT devices, it is imperative to find the security risks associated with these applications. Hence, in the context of IoTT applications, various security risks have been identified, as depicted in Table 2. It is worth noting that each security risk is interconnected with every attribute. In summary, the rising threat landscape in healthcare emergency services, exacerbated by cyberattacks and data breaches, underscores the critical importance of addressing security risks associated with IoTT applications ^{[7,8,9,10,13,14,15]}. These risks extend beyond national borders, affecting healthcare facilities worldwide and necessitating comprehensive security measures to protect patients' well-being and data integrity. Following are the definitions for each of the provided categories of security risks ^{[8,9,12,13,14,17,18,19,20,21,22,23,24,25,26,29]}.

●  Threats to Infrastructure Integrity: Risks associated with physical threats to transportation infrastructure, including damage or harm to the structural components.

●  Sabotage of Transportation Facilities: Deliberate actions intended to disrupt or destroy transportation facilities, such as bridges, roads, or railways.

●  Unauthorized Access to Critical Transportation Locations: Instances where individuals gain entry to secure transportation areas without proper authorization.

●  Cyberattacks on Transportation Networks: Malicious digital actions targeting the information technology systems and networks within transportation.

●  Data Breaches in Ticketing and Reservation Systems: Unauthorized access to and exposure of sensitive data related to ticketing and reservation systems.

●  Malware Targeting Transportation Infrastructure: Malicious software designed to compromise the security and functionality of transportation infrastructure.

●  Non-Compliance with Safety Regulations: Failure to adhere to safety regulations and guidelines in transportation operations.

●  Accidents Resulting from Non-Adherence to Safety Protocols: Incidents or mishaps that occur due to a lack of compliance with safety protocols.

●  Failure to Meet Transportation Security Standards: Inadequacy in meeting established security standards in the transportation sector.

●  Unauthorized Access to Patient Medical Records: Unauthorized viewing or retrieval of patient medical records.

●  Data Leakage from Medical Devices during Transit: Unauthorized disclosure or loss of data from medical devices during transportation.

●  Non-Compliance with Healthcare Data Privacy Regulations: Failure to adhere to regulations and standards governing the privacy of healthcare data.

●  Vulnerabilities in Medical Equipment: Weaknesses or security gaps in medical equipment that could be exploited by malicious actors.

●  Unauthorized Access to Medical Devices: Unauthorized entry or interaction with medical devices.

●  Tampering with Medical Sensors and Monitoring Systems: Malicious interference or tampering with sensors and monitoring systems used in healthcare.

●  Non-Compliance with HIPAA Regulations: Failure to comply with the HIPAA regulations related to patient data privacy.

●  Violations of Medical Transportation Standards: Breach of standards and protocols related to the transportation of medical equipment and supplies.

●  Legal Consequences of Non-Compliance: Legal and regulatory repercussions resulting from non-compliance with healthcare regulations.

●  Weaknesses in IoT Device Security: Inherent security flaws or weaknesses in IoT devices.

●  Unauthorized Access to IoT Devices: Unauthorized entry or control of IoT devices.

●  IoT Device Tampering: Malicious interference or tampering with IoT devices.

●  Data Breaches in Transportation IoT: Unauthorized access and exposure of data within transportation IoT systems.

●  Data Manipulation in Transit: Unauthorized alteration or manipulation of data in transit within IoT systems.

●  Encryption and Data Integrity Risks: Risks related to the security and integrity of data due to encryption vulnerabilities.

●  Cross-Sector Data Leakage: Unauthorized sharing or leakage of data between interconnected systems in different sectors.

●  Interference with Healthcare IoT Devices: Deliberate interference or disruption of IoT devices used in healthcare.

●  Regulatory Challenges in Cross-Sector Integration: Difficulties and challenges related to integrating IoT systems across different sectors while complying with regulatory requirements.

In the realm of healthcare emergency services, the need to address security risks associated with IoTT applications cannot be overstated.

In this interconnected landscape, compliance with healthcare regulations, such as HIPAA, is not just a legal obligation but a cornerstone for preserving data security and patient privacy during transportation. In sum, addressing these security risks is indispensable for healthcare emergency services to maintain the highest standards of patient care, data integrity, and operational efficiency in an increasingly digital and interconnected world.

2.3.   Methodology

Concurrently, the healthcare sector is undergoing profound transformations characterized by dynamic changes, particularly in data collection and security measures ^[30,31]. As a consequence, security attributes in both the healthcare sector and the design of IoTT applications have undergone enhancements across various dimensions, encompassing aspects such as risk assessment and authorization. Over the past few years, different types of methods have been introduced to assess the security risks associated with IoT devices utilized in the healthcare sector. Still, the increase in cyberattacks on the healthcare sector has given rise to challenges in making decisions concerning the implementation of the most appropriate assessment scheme. Hence, the primary aim of this research methodology is to evaluate and select the most optimal IoTT application or healthcare emergency services. At the outset, characteristics pertaining to security risk were ascertained from scholarly literature and subsequently exhibited during a consultation with panel of experts. In light of the objectives outlined in this paper, the present study introduces hesitant fuzzy AHP-TOPSIS as a comprehensive approach for assessing security risks within IoTT applications. This study delves into the evaluation of security risks based on IoTT applications, considering three, nine, and twenty-seven factors.

Subsequently, the study proceeds to determine the weights associated with these factors, thereby evaluating their influence on IoTT applications through the utilization of hesitant fuzzy-AHP. Following the derivation of these weights, an in-depth assessment of the impact of alternative solutions is conducted employing the hesitant fuzzy-TOPSIS methodology.

In this context, an extensive review of pertinent literature serves as the foundation for identifying various security risks and establishing criteria to scrutinize these risks effectively. Hesitant fuzzy-AHP emerges as the tool of choice for making multi-criteria decisions among alternative solutions. The procedure comprises four crucial steps:

●  Creating a security matrix and conducting pairwise comparisons.

●  Verification of further assessment for the presence of security attributes post pairwise comparisons.

●  Assignment of access privileges post hesitant fuzzy-AHP analysis.

●  Aggregation of ratings and subsequent calculation of security risk weights, culminating in their ranking.

The interconnections of different attributes form a hierarchical structure, as illustrated in Table 2. These attributes represent various security risks, with their respective weights determined by assessing their influence on factors and alternative solutions. These rankings are derived in accordance with this methodology employing hesitant fuzzy AHP-TOPSIS. The security risks associated with IoTT application planning frameworks assume a pivotal role as a precise mechanism and an indispensable foundation for prospective research initiatives.

Furthermore, the consistent emergence of decision-making challenges in achieving client objectives and handling sensitive information necessitates the exploration of various approaches and algorithms available in the literature to address these complexities. While multiple methods exist for assessing security risks, hesitant fuzzy-AHP emerges as a particularly suitable technique in comparison to other multi-criteria methods. Hesitant fuzzy sets proposed by V. Torra ^[41] are a different way to think about fuzzy sets. The goal is to model the uncertainty that comes from not being sure how to give membership degrees to elements in a fuzzy set. However, it is essential to acknowledge that hesitant fuzzy-AHP, while robust, cannot fully mitigate the inherent vagueness and imprecision associated with decision-making processes. Moreover, the hesitant fuzzy-AHP system heavily relies on subjective judgments and carries certain inherent limitations ^{[19,25,26,27]}. In order to effectively assess the effects of potential solutions in the IoTT application domain, a novel strategy that combines hesitant fuzzy sets with the AHP-TOPSIS method stands out.

Hesitant Fuzzy-AHP

The majority of problems that occur in the real world require decision-making solutions that include multiple criteria in order to address them and produce an informed choice. From the perspective of the MCDM methodology, the AHP is seen as being well-organized due to the fact that it offers professionals an effective solution ^{[29,30,31,32,33]}. The assessment of outcomes in this approach is linked to the notion of paired matrix sets. If there are several potential solutions, the expert judgements will have a major influence on these pair-wise comparisons. An integrated technique consists of two different MCDM approaches, wherein AHP provides the findings linked to prioritization, and TOPSIS evaluates the evaluated results on a variety of selected projects as trials.

Within the scope of this work, the hesitant-fuzzy approach is utilized in order to accomplish more accurate checks. Despite the fact that there are a variety of difficult approaches to the decision-making process for numerous criteria, TOPSIS is considered to be the most effective approach in this league. In order to provide a good framework for it, it takes into consideration optimal, positive and negative results ^[11]. This kind of circumstance calls for an additional standard for measuring the problems and circumstances that occur in the actual world; the reluctant factor of the technique that was taken provides this additional space to specialists during the measurement process. The most recent developments in hesitant fuzzy set theories have a strong belief in the expansion of complexity ^[22].

This tentative idea was proposed by V. Torra ^[41], but it has subsequently been refined by several researchers ^[24] to discuss membership functions. Research has broadened HFS use. According to K. Sahu ^[42], TOP-SIS is used in several fields, including cloud computing security. The suggested technique addresses contextual definition ambiguity and fuzziness quickly. Sun et al. ^[26] compared the results to other multi-factor decision-making processes, using a descriptive account of stock selection to validate the suggested method. They then utilized this to inform their prediction theory model. P. Singh ^[44,45,46] used automated transportation things for railways transportation. They reviewed recent trends of automation and future works in train transportation system during and after the COVID-19 pandemic.

For the purpose of assessing the ordering of various selected elements in hierarchy, this research offered the hesitant-fuzzy AHP. Subsequently, the hesitant fuzzy TOPSIS approach was utilized in order to test the results of these evaluated considerations in a variety of projects ^[47,48,49]. How the methodology that was chosen operates is as follows:

The first step is to create a tree-based structure by connecting a number of different aspects that are pertinent.

The second step involves doing pair-wise comparisons between these characteristics with the assistance of the linguistic words that are listed in Table 3. In order for professionals to acquire more precise results, a scale that is far higher has been defined. Within the context of this MCDM procedure, the dependent alternatives are identified.

The next step is to use hesitant based fuzzy set ^[24,34] for transformed numerical analyses. Consider C0 as the lowest significance and C_K to be the uppermost importance in the given scale of linguistics, and the statistical analyses are among Ci and Cj such that C0≤ Ci ≤ Cj ≤ C_K. Calculate weights as given in Eq 1.

where $\boldsymbol{W} = {({\boldsymbol{\omega }}_{1}, {\boldsymbol{\omega }}_{2}, \dots.{\boldsymbol{\omega }}_{\boldsymbol{n}})}^{\boldsymbol{S}}$represents the weight average as$\sum _{\boldsymbol{i} = 1}^{\boldsymbol{n}}\boldsymbol{W} = 1$, and ${\boldsymbol{b}}_{\boldsymbol{j}}$ takes implication equivalency to the maximum of ${\boldsymbol{a}}_{1}, {\boldsymbol{a}}_{2}, \dots..{\boldsymbol{a}}_{\boldsymbol{n}}$. Now, for assessing $\stackrel{~}{\boldsymbol{T}} = \left(\boldsymbol{a}, \boldsymbol{b}, \boldsymbol{c}, \boldsymbol{d}\right)$, the following Eqs 2–5 are used:

In this work, the author employed Eqs 6 and 7 for assessing first and second type weights.

The equation for first type weights is given as

(W1 = (${\boldsymbol{\omega }}_{1}^{1}, {\boldsymbol{\omega }}_{2}^{1}, {\dots \dots..\boldsymbol{\omega }}_{\boldsymbol{n}}^{1}$)):

The equation for second type weights is given as

(W2 = (${\boldsymbol{\omega }}_{1}^{2}, {\boldsymbol{\omega }}_{2}^{2}, {\dots \dots..\boldsymbol{\omega }}_{\boldsymbol{n}}^{2}$)):

From the equation ${\mathbf{\eta }}_{1} = \frac{\boldsymbol{\kappa }-(\boldsymbol{j}-1)}{\boldsymbol{\kappa }-1}$s, and ${\mathbf{\eta }}_{2} = \frac{\boldsymbol{\kappa }-(\boldsymbol{j}-1)}{\boldsymbol{\kappa }-1}$where K represents the maximum priority attribute, and i and j represent the lowest and average valued attributes.

Step 4: For calculating the results of ($\stackrel{~}{\boldsymbol{A}}$), the following Eqs 8 and 9 were employed.

Step 5: It is now time to defuzzify the evaluated weights, which are represented by Eq 10, d = (l, m1, m2, h), by applying the formulas that are listed below.

Following that, it is necessary to have an understanding of the consistency ratio by applying the equations that are shown in Eqs 11 and 12:

The coefficient index (CI) represents the ratio of consistency, while the vector is represented by λ_max. Additionally, the numerical weights for evaluation are displayed by n. Furthermore, the random number is displayed by RI in the analysis section. At this point, the value of the consistency ratio must be less than 0.1.

Step 6: The following Eq 13 is now used to assess geometric mean.

Step 7: At this point, it is time to examine the factor weight that has been ranked the highest by applying the algorithm stated in Eq 14.

Step 8: As the eighth phase, the values will now be defuzzified using Eq 15.

Step 9: All of the weights that have been defuzzified need to be normalized in form using Eq 16.

Utilizing hesitant-fuzzy TOPSIS, the subsequent step is to ascertain which solution is the most suitable. As an approach to MADM that is frequently utilized, TOPSIS enables specialists to determine the most effective answer for problems that occur in the actual world. With their very first proposal, R. M. Rodríguez ^[43] presented TOPSIS to the world. The findings that are positive are the most significant and effective ones, while the outcomes that are negative are the ones that are the least effective. Hesitant-fuzzy TOPSIS is used to demonstrate the recommended analysis study of security estimations in healthcare perspectives. We prioritize certain components of these standards to do this. TOPSIS uses an envelope algorithm ^{[38,39,40,41,42,43]} to calculate distances of H1s and H2s.

$\boldsymbol{e}\boldsymbol{n}\boldsymbol{v}$(H1s) = [Cp, Cq], and $\boldsymbol{e}\boldsymbol{n}\boldsymbol{v}\left(\boldsymbol{H}2\boldsymbol{s}\right) = \mathbf{ }[{\boldsymbol{C}}_{\boldsymbol{p}}^{\mathbf{*}}, {\boldsymbol{C}}_{\boldsymbol{q}}^{\mathbf{*}}]$. The distance is defined as Eq (17):

Detailed steps are described as follows:

Step 10: Let us consider that their M experiments are selected as alternatives$\left(\boldsymbol{T} = \left\{{\boldsymbol{T}}_{1}, {\boldsymbol{T}}_{2}, \dots..{\boldsymbol{T}}_{\boldsymbol{M}}\right\}\right)$as well as N factors for layer$(\boldsymbol{T} = \left\{{\boldsymbol{T}}_{1}, {\boldsymbol{T}}_{2}, \dots..{\boldsymbol{T}}_{\boldsymbol{N}}\right\})$.

${\boldsymbol{e}}_{\boldsymbol{x}}$ describes the expertise of experts E.

${\stackrel{~}{\boldsymbol{X}}}^{\boldsymbol{l}} = {\left[{\boldsymbol{H}}_{{\boldsymbol{S}}_{\boldsymbol{i}\boldsymbol{j}}}^{\boldsymbol{l}}\right]}_{\boldsymbol{M}\times \boldsymbol{N}}$is considered as a fuzzy matrix associating hesitant theory, and${\boldsymbol{H}}_{{\boldsymbol{S}}_{\boldsymbol{i}\boldsymbol{j}}}^{\boldsymbol{l}}$portrays the investigational and attribute-based results produced by experts${\boldsymbol{e}}_{\boldsymbol{x}}$.

The different linguistic scale for the TOPSIS methodology ^[35,36,37] is described as follows:

The scale consists of {nothing, very bad, bad, medium, good, very good, perfect}.

${\boldsymbol{r}}_{1}^{1}$ = between medium and good (bt M & G)

${\boldsymbol{r}}_{2}^{1}$ = at most medium (am M)

${\boldsymbol{r}}_{1}^{2}$ = at least good (al G)

${\boldsymbol{r}}_{2}^{2}$ = between very bad and medium (bt VB & M)

The numerical analysis of theory is computed using equations as given in ^[42]:

${\boldsymbol{e}\boldsymbol{n}\boldsymbol{v}}_{\boldsymbol{F}}$(EGH (btM & G)) = T (0.33, 0.5, 0.67, 0.83)

${\boldsymbol{e}\boldsymbol{n}\boldsymbol{v}}_{\boldsymbol{F}}$(EGH (amM)) = T (0, 0, 0.35, 0.67)

${\boldsymbol{e}\boldsymbol{n}\boldsymbol{v}}_{\boldsymbol{F}}$(EGH (alG)) = T (0.5, 0.85, 1, 1)

${\boldsymbol{e}\boldsymbol{n}\boldsymbol{v}}_{\boldsymbol{F}}$(EGH (btVB & M)) = T (0, 0.3, 0.37, 0.66)

Step 11: Subordinate the quantitative analysis of results $\left({\stackrel{~}{\boldsymbol{X}}}^{1}, {\stackrel{~}{\boldsymbol{X}}}^{2}\dots \dots {\stackrel{~}{\boldsymbol{X}}}^{\boldsymbol{K}}\right)$, helping the author to portray a matrix (Eq 18) as xij = [Cpij, Cqij].

Step 12: α_b portray the lower effective attributes set as well as α_c portray the lowest affective experiments.

Taking into consideration the positive HF set (Eq (19–22)), which is indicated by ${\stackrel{~}{\boldsymbol{T}}}^{+}$as well as equation is described as ${\stackrel{~}{\boldsymbol{T}}}^{+} = ({\stackrel{~}{\boldsymbol{V}}}_{1}^{+}, {\stackrel{~}{\boldsymbol{V}}}_{2}^{+}, \dots {\stackrel{~}{\boldsymbol{V}}}_{\boldsymbol{n}}^{+})$ where ${\stackrel{~}{\boldsymbol{V}}}_{\boldsymbol{j}}^{+} = \left[{\boldsymbol{V}}_{\boldsymbol{p}\boldsymbol{j}}^{+}, {\boldsymbol{V}}_{\boldsymbol{q}\boldsymbol{j}}^{+}\right](\boldsymbol{j} = 1, 2, 3\dots.\boldsymbol{n})$similarly the negative value is displayed as${\stackrel{~}{\boldsymbol{T}}}^{-}$and equation is denoted as${\stackrel{~}{\boldsymbol{T}}}^{-} = ({\stackrel{~}{\boldsymbol{V}}}_{1}^{-}, {\stackrel{~}{\boldsymbol{V}}}_{2}^{-}, \dots {\stackrel{~}{\boldsymbol{V}}}_{\boldsymbol{n}}^{-})$ where ${\stackrel{~}{\boldsymbol{V}}}_{\boldsymbol{j}}^{-} = \left[{\boldsymbol{V}}_{\boldsymbol{p}\boldsymbol{j}}^{-}, {\boldsymbol{V}}_{\boldsymbol{q}\boldsymbol{j}}^{-}\right](\boldsymbol{j} = 1, 2, 3\dots.\boldsymbol{n})$.

Define ${\stackrel{~}{\boldsymbol{V}}}_{\boldsymbol{p}\boldsymbol{j}}^{+}$, ${\stackrel{~}{\boldsymbol{V}}}_{\boldsymbol{q}\boldsymbol{j}}^{+}$, ${\stackrel{~}{\boldsymbol{V}}}_{\boldsymbol{p}\boldsymbol{j}}^{-}$ and ${\stackrel{~}{\boldsymbol{V}}}_{\boldsymbol{q}\boldsymbol{j}}^{-}$ as

and ${\boldsymbol{m}\boldsymbol{i}\boldsymbol{n}}_{\boldsymbol{i} = 1}^{\boldsymbol{K}}\left({\boldsymbol{m}\boldsymbol{i}\boldsymbol{n}}_{\boldsymbol{i}}\left({\boldsymbol{m}\boldsymbol{i}\boldsymbol{n}\boldsymbol{H}}_{{\boldsymbol{S}}_{\boldsymbol{i}\boldsymbol{j}}}^{\boldsymbol{x}}\right)\right)\boldsymbol{j}\in {\boldsymbol{\alpha }}_{\boldsymbol{c}}$) (19)

and ${\boldsymbol{m}\boldsymbol{i}\boldsymbol{n}}_{\boldsymbol{i} = 1}^{\boldsymbol{K}}\left({\boldsymbol{m}\boldsymbol{i}\boldsymbol{n}}_{\boldsymbol{i}}\left({\boldsymbol{m}\boldsymbol{i}\boldsymbol{n}\boldsymbol{H}}_{{\boldsymbol{S}}_{\boldsymbol{i}\boldsymbol{j}}}^{\boldsymbol{x}}\right)\right)\boldsymbol{j}\in {\boldsymbol{\alpha }}_{\boldsymbol{c}}$) (20)

and${\boldsymbol{m}\boldsymbol{i}\boldsymbol{n}}_{\boldsymbol{i} = 1}^{\boldsymbol{K}}\left({\boldsymbol{m}\boldsymbol{i}\boldsymbol{n}}_{\boldsymbol{i}}\left({\boldsymbol{m}\boldsymbol{i}\boldsymbol{n}\boldsymbol{H}}_{{\boldsymbol{S}}_{\boldsymbol{i}\boldsymbol{j}}}^{\boldsymbol{x}}\right)\right)\boldsymbol{j}\in {\boldsymbol{\alpha }}_{\boldsymbol{b})}$ (21)

and${\boldsymbol{m}\boldsymbol{i}\boldsymbol{n}}_{\boldsymbol{i} = 1}^{\boldsymbol{K}}\left({\boldsymbol{m}\boldsymbol{i}\boldsymbol{n}}_{\boldsymbol{i}}\left({\boldsymbol{m}\boldsymbol{i}\boldsymbol{n}\boldsymbol{H}}_{{\boldsymbol{S}}_{\boldsymbol{i}\boldsymbol{j}}}^{\boldsymbol{x}}\right)\right)\boldsymbol{j}\in {\boldsymbol{\alpha }}_{\boldsymbol{b})}$ (22)

Step 13: The authors adopted the following Eq (23, 24) by explaining ${\boldsymbol{N}\boldsymbol{D}}^{-}$ and respectively, in order to demonstrate positive and negative examples of research findings.

Step 14: Coefficient of Closeness is evaluated by following Eqs 25 and 26.

where

Step 15: At the very end of the process, we grouped the options according to the values of their proximities to one another. The real evaluation of the approach is given in the next section.

3.   Empirical evaluation and results

The hesitant fuzzy AHP-TOPSIS methodology involves assigning weights to security risk factors mentioned in Eqs 1–17, corresponding to various risks listed in Table 2. The hesitant fuzzy-TOPSIS process determines the ranks of these security risks. Once a researcher has obtained both the weights and ranks for these security risks, the researcher assesses the degree of closeness and analyzes whether these results should be applied to IoTT applications across various hospitals. While subjective estimation is suitable for evaluating security risks, quantitatively assessing IoTT applications can be challenging. However, with the assistance of the hesitant fuzzy AHP-TOPSIS method, the researcher can quantitatively evaluate security risks. The security risk factors have been thoroughly discussed at various Stages in the previous sections.

As shown in Table 2, the characteristic of one Stage can influence other properties at a higher Stage, although the impact may not be the same; it can vary. To facilitate the assessment, authors have converted these grouped properties into a hierarchy, as indicated in Table 2. For the sake of clarity in the assessment, security risk factors of IoTT applications at Stage 1 are labeled as C1, C2, and C3. Similarly, other security risks are denoted as discussed in the previous sections. Furthermore, the definitions of all selected security risks have also been provided in the earlier sections. To assess the security risks of IoTT applications for healthcare services, the authors employed Eqs 1–26 of the hesitant fuzzy AHP-TOPSIS method as follows:

With the support of Table 3 and Eqs 1–9, the researcher in this work interpreted textual terms into numerical values and integrated them into triangular fuzzy numeral values. Using Eqs 3–6, crisp estimated standards were converted into triangular fuzzy numbers. The Stage 1 comparative analysis matrices were then computed pair-wise, as shown in Table 4. Subsequently, the consistency index and random index (RI) were calculated using Eqs 10 and 11. The RI value for these pair-wise assessments was below 0.1, indicating the consistency of the matrices in pair-wise comparisons. To defuzzify a matrix of pair-sided measurements at tier two, the formulation provided in Eqs 12–17 was employed, and the results are presented in Table 4. Similar pair-wise matrix comparative assessment matrices were determined for Stage 2 and Stage 3 factors, and systematic findings were extracted from all these respective matrices. A matrix was developed representing criteria (factor) weights relative to their comparables, as shown in Table 5. Attribute rankings based on their weights are also presented in Table 5.

After collecting the weights of variables using the hesitant fuzzy-AHP procedure, the TOPSIS system employs these weights as input and provides rankings for each alternative solution. For this research, seven different alternatives representing healthcare software systems were considered. These alternatives were chosen for their specific features and capabilities. They are referred to as follows: mediXcel Electronic Medical Records (EMR) ^[32], Trio Hospital Information System (HIS) ^[33], Caresoft HIS ^[34], GeniPulse ^[35], LiveHealth for diagnostic ^[36], Visual Hospital Management ^[37], and NextGen ^[38], denoted as IoTTHA1, IoTTHA2, IoTTHA3, IoTTHA4, IoTTHA5, IoTTHA6, and IoTTHA7.

mediXcel EMR, Trio HIS, Caresoft HIS, GeniPulse, LiveHealth (diagnostic), Visual Hospital Management, and NextGen are diverse healthcare software systems that cater to the unique needs of healthcare providers. mediXcel EMR specializes in EMR, digitizing patient data to enhance care delivery efficiency. Trio HIS offers a comprehensive HIS, managing patient records, billing, appointments, and inventory. Caresoft HIS streamlines hospital management tasks, integrating patient data and billing. GeniPulse focuses on EMR and practice management. LiveHealth supports diagnostics by managing samples and results. Visual Hospital Management aids in visualizing and coordinating hospital operations. NextGen provides EMR, practice management, and revenue cycle management solutions to enhance patient care and provider operations.

Hesitant fuzzy AHP-TOPSIS requires performance ratings over standardized variables for each alternative choice. Eqs 18 and 19 and Table 3 are used to standardize the decision matrix, which is developed for m requirements and n alternatives. Each cell in the standardized decision matrix represents the normalized performance value, multiplied by the weights of each set of criteria (Table 6). A fuzzy weighted standardized decision matrix was calculated using Eqs 20–22, and the results are presented in Table 7. The FPIS and FNIS were calculated with Eqs 23. The range of each option's value from the FPIS matrix and FNIS matrix was determined using Eqs 24 and 25. Finally, the parameter's success score was determined using Eq 26, and the ratings of the alternatives were calculated based on the estimated performance ratings, as shown in Table 8 and Figure 3. Figure 3 shows that IoTTHA1 has the highest rating among all alternatives. The alternatives are ranked as follows: IoTTHA1, IoTTHA2, IoTTHA4, IoTTHA7, IoTTHA6, IoTTHA5, and IoTTHA3, respectively.

To ensure the validity of this findings for each variable, the researcher conducted a rigorous sensitivity analysis, meticulously considering the weights assigned to these variables ^{[25,26,27,28]}. In the context of this research focused on IoTT applications for healthcare services, this sensitivity analysis underwent thorough validation through a series of multiple experiments, each targeting a specific factor. The outcome of this comprehensive analysis is presented in Table 9, revealing a diverse spectrum of results. The satisfaction degree, often referred to as closeness coefficient, plays a pivotal role in this analysis. It is meticulously calculated based on the weight assigned to each individual factor, particularly at the final evaluation stage, leveraging the robust hesitant fuzzy AHP-TOPSIS methodology. These intricate calculations and their corresponding results are thoughtfully visualized in Table 9 and Figure 4.

In the comprehensive tableau of Table 9, the initial row impeccably captures the original weights, providing a crucial reference point for the subsequent analyses. Simultaneously, Figure 4 offers an insightful visualization of the initial dataset. The initial insights drawn from these original weights reveal that IoTTHA1 consistently exhibits a remarkably high satisfaction degree. However, the essence of this investigation unfolds when the researcher delves into the outcomes of the 28 experiments conducted, ranging from Exp-0 to Exp-27. Throughout this extensive experimentation process, a compelling pattern emerges—Exp-1 steadfastly maintains its position with a high satisfaction degree. In contrast, Exp-3 consistently emerges as the least weighted alternative in each of these experiments. These intriguing variations observed across the spectrum of experiments underscore the paramount importance of the weights assigned to the factors. It becomes evident that alternative rankings are acutely sensitive to the specific weight allocations, shedding light on the intricacies of this analytical framework.

In a comprehensive comparative analysis, it becomes evident that varying methodologies yield distinct data outputs. The reliability and efficiency of any given technique can only be effectively ascertained when subjected to a battery of different methods for validation ^{[19,20,21,22]}. In the context of this research, the researcher has employed the hesitant fuzzy AHP-TOPSIS methodology to meticulously assess the efficiency, as well as the degree of closeness or accuracy of the obtained results. It is worth noting that in other methodologies such as fuzzy AHP-TOPSIS ^[23,24,25], hesitant fuzzy AHP-VIKOR ^[26,27], and hesitant fuzzy AHP-ELECTRE ^[31,39], the process of data compilation and estimation remains consistent with that of the hesitant fuzzy AHP-TOPSIS method. These methodologies share a common foundation in terms of data handling and estimation.

However, the key distinction comes to light when the researcher examines the disparities in the results achieved through hesitant fuzzy and conventional AHP-TOPSIS methodologies, as exemplified in Table 10 and Figure 5. Notably, the outcomes generated by the hesitant fuzzy AHP-TOPSIS method exhibit a remarkable degree of consistency and correlation with those obtained through the fuzzy AHP-TOPSIS, hesitant fuzzy AHP-VIKOR, and hesitant fuzzy AHP-ELECTRE methodologies. This high degree of interrelatedness is quantified by a Pearson correlation coefficient of 0.99785. Ultimately, this comparative analysis underscores the enhanced reliability and efficiency of the hesitant fuzzy AHP-TOPSIS methodology. It emerges as the superior approach when juxtaposed with the fuzzy AHP-TOPSIS, hesitant fuzzy AHP-VIKOR, and hesitant fuzzy AHP-ELECTRE techniques. This robust methodology not only demonstrates its effectiveness but also reaffirms its status as the preferred choice for achieving precise and dependable results.

4.   Conclusions

Hesitant fuzzy AHP-TOPSIS is a crucial security risk assessment tool for web-based healthcare applications. This study investigated local hospitals to prove the developer's framework's importance in IoTT application security. The developer framework is more important when security concerns shift to sustainable and secure website design. After investigating these issues, this research produced a hierarchical framework that identifies key components in a hospital's sustainable security plan within the developer framework.

A smart city represents the most commonly covered area of the Internet of Things (IoT). In these smart cities, blockchain technology is utilized to enhance real-time data sharing, electricity trading, and other related activities. Furthermore, it has been demonstrated that, despite the numerous advantages offered by blockchain technology in the healthcare industry, authors often employ it for managing medicine supply chains and data management. This is done to prevent counterfeiting and to empower patients regarding their data, respectively ^[47,48,49]. As IoTT applications gain increasing importance, their usage and complexity continue to escalate. The exponential growth in security assessments emphasizes the need for a digital hospital developer framework that prioritizes robust security and effective sustainability.

The evaluation and assessment of security risks are pivotal in achieving sustainable security. This research seamlessly integrates security and sustainability factors, systematically evaluating sustainable security. The outcomes of this study will facilitate developers in seamlessly integrating sustainable security into the development life cycle of IoTT applications. This research engaged in the scrutiny of diverse IoTT applications across different hospital settings, extracting insights from experts concerning the causative factors related to sustainability, design, and security of specific IoTT applications. This expert-derived data was meticulously analyzed using the hesitant fuzzy AHP-TOPSIS methodology.

This comprehensive research framework is centered around the development and evaluation of secure IoTT applications. The paper expounds upon security factors and their alternatives, drawing insights from case studies conducted in various hospitals employing different hospital management system applications. This research is poised to guide engineers in enhancing IoTT application development across their life cycle.

While numerous security assessment models and techniques exist in the literature for independently evaluating security, models or techniques seamlessly incorporating security into the hesitant fuzzy-AHP approach remain relatively scarce. Within this work, the researcher scrutinized 27 core security risks and seven alternatives pertaining to web-based applications. These alternatives were meticulously selected following consultations with experts and the aggregation of their opinions regarding risk planning, mitigation and security attributes specific to web-based applications.

The salient findings of this work can be distilled as follows:

●  Quantitative results obtained through hesitant fuzzy AHP-TOPSIS will aid professionals in categorizing the highest-ranked components of an electronic hospital management system.

●  The hesitant fuzzy-AHP method assigns weights to risk attributes, while hesitant fuzzy-TOPSIS provides rankings for these attributes.

●  A comparative analysis of hesitant fuzzy AHP-TOPSIS with conventional AHP-TOPSIS underlines the superiority of the former methodologies.

●  Sensitivity analysis quantifies the satisfaction degree for IoTT applications.

●  Prioritizing the web-based hospital management system is imperative for both future research and ongoing endeavors aimed at optimizing IoTT application efficiency. This evaluation will provide engineers with invaluable insights into the security framework.

●  Recommendations for enhancements can be extrapolated from this assessment to guide engineers in refining security structures, leveraging highly structured components. However, it is essential to acknowledge certain limitations:

●  The data collected for web design, while significant, remains limited in scope. Results may exhibit variations with a larger dataset.

●  There may exist additional security design factors beyond those identified within this work.

This paper has conducted an exhaustive examination of security risks affecting IoTT applications, particularly within the healthcare sector. Furthermore, it has explored various security countermeasures for these risks. To mitigate the risk of data breaches in IoTT applications, this study conducted a risk assessment and harnessed the innovative AHP-TOPSIS methodology to craft a bespoke technique tailored to the unique healthcare industry requirements. In addition, there are a few restrictions that apply to this study. These restrictions are as follows:

●  Due to the study's limitation to the collected data, there may be additional factors related to healthcare transportation services that could not be included in the investigation.

●  The AHP-TOPSIS methodology is employed to assign distinct security risk factors for evaluation. Furthermore, this research article presents rankings and weights for various security variables.

In addition, this study has the potential to be expanded in a number of different areas, including the following:

●  Authors can conduct a series of interviews with a diverse group of healthcare drivers, such as ambulance drivers of different genders, ages, nationalities, and so on. This approach aims to gain a better understanding of all the roles and duties that drivers are expected to perform to ensure the success and security of healthcare operations.

●  Identify potential alternatives for the new designs of safe and risk-free transportation. Subsequently, model those possibilities to address the impending issues posed by the pandemic.

●  Develop a comprehensive cost-benefit model that can be used to account for the initial investment and operational expenditures associated with the deployment of healthcare technology. Additionally, consider the benefits that could be obtained.

Thus, the rigorously validated and highly conclusive results emanating from this study will provide software and IoTT application developers with invaluable insights when embarking on web-based application development.

Use of AI tools declaration

The authors declare they have not used artificial intelligence (AI) tools in the creation of this article.

Acknowledgments

The authors extend their appreciation to the Deanship of Scientific Research, Imam Mohammad Ibn Saud Islamic University (IMSIU), Saudi Arabia, for funding this research work through Grant No. (221409015).

Conflict of interest

The author declares no conflict of interest.