Article

Fuzzy-Based Unified Decision-Making Technique to Evaluate Security Risks: A Healthcare Perspective

1 Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia
2 Department of Computer Science, Al-Qunfudah Computer College, Umm Al-Qura University, Mecca 24382, Saudi Arabia
3 College of Computer Science, King Khalid University, Abha 61421, Saudi Arabia
4 Department of Computer Applications, Babu Banarasi Das University, Lucknow 226028, Uttar Pradesh, India
5 Department of Information Technology, Babasaheb Bhimrao Ambedkar University, Lucknow 226025, Uttar Pradesh, India
* Author to whom correspondence should be addressed.
Mathematics 2023, 11(11), 2554; https://doi.org/10.3390/math11112554
Submission received: 6 May 2023 / Revised: 28 May 2023 / Accepted: 30 May 2023 / Published: 2 June 2023
(This article belongs to the Special Issue Fuzzy Decision Making and Applications)

Abstract

Neoteric biomedical, technological, and normative shifts have prompted care firms to establish clinical governance as a contrivance to assure high-quality service in an exceedingly intricate milieu. Web security is an epochal concern in the healthcare sector, although it has garnered scant attention since the inception of web applications. The necessity to provide adequate security for healthcare web applications (HWAs) cannot be exaggerated, as umpteen health agencies are contingent on them to carry out their operations. Every healthcare organization renders a humongous volume of data available online to practitioners, pharmacies, and patients. Researchers are continually endeavoring to ameliorate techniques to increase the security and longevity of HWAs. In this context, experts examined certain imperative security risks in HWAs to quantitatively evaluate them in the design phase and covered numerous facets of HWAs, along with their security attributes and risk factors. The authors have proposed a combined approach of fuzzy-based symmetric techniques, i.e., AHP-TOPSIS (Analytic Hierarchy Process–Technique for Order of Preference by Similarity to Ideal Solution), for the assessment of alternative HWAs, leveraging the multi-criteria decision-making (MCDM) approach. Ten consecutive HWAs from local hospitals in Uttar Pradesh, India, have been taken to estimate the security risk, incorporating this methodology to evaluate the priority of weightage and the impact of security attributes. Henceforth, the findings and methodology employed in this study can assist security practitioners in identifying and prioritizing the most influential risk factors to secure HWAs and encourage them to develop revamped or novel methods.

1. Introduction

In this rapidly evolving IT world, scientific communities, local or multinational businesses, and the medical sector rely extensively on computers to store sensitive data. The dispensation of healthcare amenities is being reformed from an archaic hospital-centric model to a more virtual, dispersed service that extensively exploits the most recent technologies such as the 3D printing of tissues and implants, intelligent machines, genomics, data analytics, and robotics. This advancement has transformed the working environment of web applications via myriad innovative techniques to help them carry out their tasks quickly and efficiently. Medical workers are assigned a copious assemblage of responsibilities, and managing them is more intricate and arduous. Plenty of patients’ documentation has to be managed, including tracking inventory, the working schedules of doctors, records for keeping bills, patient reports, etc. [1]. Due to the ubiquitous use of computers, healthcare web applications (HWAs) are becoming inexorably convoluted and require high levels of security [2]. The security assessment process gives HWA practitioners the assurance that the presence of any vulnerability will not have a negative impact on their systems and that they can always use mitigation techniques. Hereby, this process maximizes the success of user satisfaction on HWA systems, but in the present scenario, security issues are constantly evolving due to the heterogeneous nature of HWAs. Digital technology is being researched and implemented in all facets of healthcare. Figure 1 divides the numerous HWAs into several application domains; however, there are thousands of distinct applications [3].
The security estimation of HWAs focuses on the functional aspects of the application and its ability to endure a malicious attack and recover without data loss or any other abnormality. Security breaches are compromising thousands of health records. Ample statistics have shown data breach instances, and recently, innumerable incidences of the inadvertent loss or theft of sensitive clinical data have been documented [4,5] that have affected patients. Moreover, threats from botnets (a network of surreptitiously infected computer systems due to malware) have increased drastically. Cybercriminals purchase access to botnets and use the network of infected computer systems for various crimes, usually financial data thefts, the dissemination of spam, concealing other crimes, or distributed denial of service (DDoS). According to a recent study, every year, almost 25 million compelled authorizations for the disclosure of healthcare records are issued in the United States [6]. According to the Cyber Crime Website of the Department of Justice, USA [7], a company has reportedly suffered a loss of more than USD 100,000 as a result of cybercrime. As per a white paper published by Cyber Unit CCIPS, US Department of Justice, many public and private organizations are increasingly adopting vulnerability disclosure programs, which increase their ability to detect security issues, protect sensitive data, and prevent the disruption of services [8]. A built-in software security framework that includes all security attributes can be a viable and potent solution to numerous security issues [9,10]. It can prove to be a boon to the users, organizations, and governments that spend billions of dollars every year on securing their networks.
Consequently, to secure an individual’s data, three major security factors and privacy goals are commonly identified as the CIA (confidentiality, integrity, and availability) triad [11,12]. There is a significant necessity to the CIA triad: confidentiality must be included for highly sensitive data; integrity is essential because it may be fatal to provide an inaccurate procedure based on faulty medical data; and availability is also necessary because the data must be available on time for adequate treatment. In the medical field, the security and privacy of individual data are critical, and it is a major challenge to protect healthcare data [13].
Often, experts in the IT industry have focused on the deployment phase of HWAs to improve security longevity and minimize maintenance costs and time. However, integrating security and unearthing vulnerabilities early in the design phase of web applications can reduce the time and cost of development by minimizing the development team’s work [14,15,16]. This reveals the impact of vulnerabilities that can affect healthcare web applications’ integrity, violate confidentiality and privacy norms, and exploit loopholes in the design phase. Moreover, security flaws in the design may also cause the application to violate its security and result in the unauthorized disclosure, modification, and destruction of data [17]. The vulnerability may impact exhaustive data theft, malware, and spyware injection that may cause failure in the entire HWA security. In light of this, it has become vitally important in today’s environment to ensure security from the early stages of the software development life cycle (SDLC). In accordance with a recent study, software organizations are contemplating implementing a software security risk in the early phase of development rather than depending on the later phase of the SDLC. This step could improve the situation and reduce losses to a substantial level. In addition, techniques of security optimization can further help security practitioners and researchers reduce the time and cost required for developing an HWA system. Moreover, in-depth identification, analysis, and mitigation will deliver a quality product.
Despite the increasing prevalence of HWAs in contemporary healthcare systems, there is a notable research gap in comprehending certain security issues and risk factors pertaining to these applications. Prior research has predominantly focused on generic web application security with minimal emphasis on the specific risks and vulnerabilities that are unique to HWAs. This study aims to address this research gap by:
  • Conducting an extensive analysis of the inherent security risks of HWAs, considering factors such as patient data confidentiality, secure data transmission, access control, and authentication.
  • Examining the impact of these security risks on the availability, confidentiality, and integrity of sensitive healthcare data.
  • Identifying and prioritizing the most significant security risk factors requiring immediate attention and effective mitigation strategies.
  • Providing healthcare organizations, developers, and security professionals with actionable recommendations and guidelines to improve the security of HWAs and protect patient data.
This study advances the field of HWA security by addressing these research gaps. The findings provide insights and practical implications for healthcare organizations and security practitioners, allowing them to proactively address the unique security challenges posed by HWAs and safeguard sensitive healthcare data. This research paper contributes significantly to the field of HWA security by introducing the AHP-TOPSIS (Analytic Hierarchy Process–Technique for Order of Preference by Similarity to Ideal Solution) system. Multiple HWAs are scrutinized, and their potential security risks are evaluated using the MCDM approach. The authors conducted an empirical study based on MCDM and have acknowledged numerous studies on the methods of risk management strategies. The proposed methodology is based on risk assessment in HWAs, which identifies, maps, prioritizes, and evaluates the impact of risk factors on various alternatives, as discussed below:
  • The identification of security risk factors and attributes: It creates a roadmap for security professionals for the development of secure healthcare web applications. The identification aim is to target key risk factors at the design phase to mitigate them at the earlier phase of the development life cycle.
  • Mapping security risk factors with security attributes: This may be done through an in-depth literature survey and expert points of view. It gives developers an understanding and overview, i.e., whether the security requirements are fulfilled or not.
  • The prioritization of security risk factors: The authors used fuzzy AHP for the prioritization of security risk factors corresponding to their respective weights and ranks.
  • The impact of attributes on alternatives: The fuzzy AHP-TOPSIS is used to evaluate the impact of attributes on different alternatives. The identification and prioritization of the risk factors will provide a path to develop a secure healthcare web application.
The paper is organized in the following manner: Section 2 reviews the existing literature in this domain. Section 3 discusses the software security risk factors along with their related attributes in healthcare web applications. In Section 4, the methodology and numerical analysis of the experimental data are described in depth. The paper is concluded in Section 5 with a succinct analysis and discussion.

2. Related Work

Several studies have been undertaken by researchers using multiple methodologies and symmetrical techniques to analyze the security of healthcare web applications. Along with fuzzy AHP, symmetrical TOPSIS techniques have been utilized in various domains of interest to improve security measures and handle MCDM (multi-criteria decision-making)-based problems. Considerable research on the security of healthcare web applications has previously been conducted utilizing various methodologies and techniques. The following research studies have been reviewed by the authors in this domain:
Abdulaziz et al. (2022) examined big data security by identifying and prioritizing security measures using two hybrid approaches. The approaches include fuzzy AHP and classical AHP. The fuzzy AHP approach quantitatively analyzes as well as prioritizes the different factors based on their weight to enhance overall security. The early identification of vulnerability will heighten the security and durability of big data, which will benefit consumers and enterprises. This study’s findings showed that MCDM approaches, i.e., fuzzy AHP, demonstrated more efficient results than classical AHP. It is helpful in the procedures of decision-making to alleviate the problem of uncertainty [18]. Alfakeeh et al. (2022) used AHP-TOPSIS with a hesitant fuzzy technique to forecast the risk of different healthcare applications. This approach is used to measure the security and durability that would help in designing secure healthcare applications. The authors selected 10 alternatives to evaluate the efficiency and security of applications. Among the 10, alternative 6 provided the most efficient and long-lasting security. Furthermore, the authors concluded that security breaches could be considerably mitigated if addressed early in their development phase and prioritized security as the topmost concern [19].
Lotfi et al. (2022) asserted that a strategy called Resilience and Sustainable Health Care Supply Chain (RSHCSC) with VMI, which combines fuzzy and data-driven robust optimization, is suitable for enhancing the inventory management system and addressing unpredictability and disruption. The use of hybrid fuzzy and data-driven robust optimization with a stochastic programming technique was suggested for three RSHCSC models. Essential variables such as fuzzy cut, robustness and resilience coefficient, level of confidence, and size models were subjected to sensitivity analysis. According to the results, as the fuzzy cut, robustification coefficient, confidence level, resiliency coefficient, and CVaR confidence level increase, the number of costs also increases [20]. To determine which maturity model best adheres to TQM (Total Quality Management) principles for Industry 4.0 maturity models, Özceylan and Elibal (2022) used the linguistically fuzzy TOPSIS (Technique for Order Preference by Similarity to Ideal Solution) method for ranking and the DEMATEL (Decision-Making Trial and Evaluation Laboratory) method for weighting criteria. Seven main criteria and 33 supporting factors were used to assess the maturity of four Industry 4.0 models. Researchers and practitioners can use the study’s findings to compare, create, and improve Industry 4.0 maturity models [21].
Abushark et al. (2021) defined several taxonomies and created a design hierarchy, incorporating the most prevalent quality evaluation factors, which integrate variables, characteristics, and traits from different Security Requirements Engineering (SRE) methodologies. The fuzzy AHP-TOPSIS model was utilized in this paper as an MCDM (Multiple-Criteria Decision-Making) model. The author defined the STORE technique as a highly consistent and usable approach among all other SRE techniques with a threat-driven approach. In addition, they concluded that STORE elicits security requirements in an efficient and well-organized manner [22]. Kumar et al. (2021) identified and analyzed the characteristics of security and sustainability. In this study, the fuzzy AHP algorithm was utilized for quantitative assessment, which was verified by four other approaches based on AHP. As a result, the evaluation of security in this study can assist developers in formulating standards that will ensure the development of more secure online applications [23].
Attaallah et al. (2020) discussed security as a critical aspect in the process of software development that must be considered during its development cycle. Thus, the researcher evaluates the effect of security risks using the integrated approach of TOPSIS and fuzzy AHP. This hybrid approach is ideal for evaluating malware analysis on the basis of its impact. According to the evaluation report, among the 10 institutions, the 8th institutional web application was determined as the most efficient and durable security system among all competing options [24]. Al-Zahrani (2020) reviewed healthcare applications to ensure software usability and security by using the hybrid technique. The author suggested that security experts must design a healthcare web application with two intents; it ensures usability, given to fulfill the users rather than ensuring the optimum security and efficacy of security as well as usability in the early development phase [25].
Altowaijri (2020) proposed a framework for the healthcare sector to enhance the healthcare security of cloud computing. The author introduced the concept of master nodes and slave nodes in his architecture to store the data. In this architecture, the master node keeps metadata; on the other side, the responsibility of the slave node is to store data. The sensors can access all consumers’ data and ensure its efficiency as it is in a quasi-structured form, and these data are easily accessible. This architecture stores data in encrypted form. It is based on the RSA (Rivest Shamir Adleman) and PKI (Public Key Infrastructure) algorithms, which provide accessibility to authorized users at a certain time to access the data of particular patients [26]. Abu-elezz et al. (2020) investigated healthcare blockchain technology’s scoping review with strengths and risks. This research was carried out in three phases: the identification phase, the screening phase, and the eligibility phase. These filtering stages were conducted through a flow diagram of Preferred Reporting Items for Systematic Reviews and Meta-Analysis (PRISMA). Researchers have suggested that this analysis will help to obtain a more precise understanding, owing to various constraints. The findings of this analysis must be viewed with caution, and this scoping review provides useful insights, particularly in medical care [27].

3. Security Risk Factors and Attributes

Software security is the branch of software engineering that aims to prevent the exploitation of security loopholes in the system and detect possible vulnerabilities that may prove detrimental to the software. The successful implementation of a security plan may converge the developing team’s entire focus to select periodic errors/vulnerabilities that may have impacted the healthcare web application system and can prepare a strategy for a timely recovery. In this section, several security attributes and security risk factors are identified on the basis of the literature survey and the experts’ viewpoint. The use of security attributes in the development lifecycle comes under the ambit of security plan specifications at various stages, without which the security of the software system cannot be ensured.

3.1. Security Attributes

Security is a multidimensional and comprehensive process that involves a large gamut of operations divided into several stages to ensure the in-depth analysis of security-related challenges and threats. To mitigate the security issues that could affect the performance of a healthcare web application system, the five set attributes are elucidated: confidentiality, integrity, availability, access control, and authentication. These attributes form the basic fundamentals of security; without them, the security of software cannot be ensured. The main reason for using these attributes is to plug in gaps in the healthcare web application structure so that security breaches cannot be made [28].

3.1.1. Confidentiality

Confidentiality ensures that the data are not disclosed to unauthorized users. This attribute has been described as a pillar of healthcare ethics since Hippocrates [29]. It is a broad security concept implemented at all stages of a healthcare web application system, including the processing, storage, retrieval, and display of information. Hence, it strengthens a trusted binding mechanism of design and all its components, assuring that the sanctity of data is preserved in encrypted form and not violated by intruders.

3.1.2. Integrity

Integrity is the accuracy of the data in storage or during transmission. It assures that the end-user’s data are not corrupted or tampered with during transmission. In a more expanded form, integrity can be ensured both at the source and destination, which can prevent the unauthorized use of data [30].

3.1.3. Availability

The availability attribute ensures that a system is ready and available for use by an authorized user whenever needed. The availability of a system may be compromised in case of a denial-of-service attack [31]. The availability of a system confirms that the system is ready to be used for all the needed functionalities. The system should be designed in multiple subsystems so that the availability of the system is not jeopardized in case of the failure of any of the subsystems.

3.1.4. Access Control

Access control limits how the system should be used by its legitimate users. The users are required to present credentials to access the system’s specific functionality. Depending on respective access controls, role-based accessibility is allocated to users: some of the users may be given complete control of the system, such as the administrators, while other users may be given only limited access, such as the end-users, based on their specific use of the system [32].

3.1.5. Authentication

Authentication is the process of identifying the legitimate user requesting access to the system. A username and password are the most common method of authenticating any user to provide access. The authentication process involves a mechanism that validates authentic users or multiple users to access information. This authentication can be in the form of a security question, SMS, OTP, biometric, RSA, etc. [33].

3.2. Security Risk Factors

The demand for security is escalating every day as the IT field expands, resulting in enhanced applications that may require high levels of security. Security typically relies on two integrated viewpoint elements, i.e., effective risk management as well as effective countermeasures [34]. To estimate security risk and ameliorate it, organizations need to identify and address the different types of security characteristics that affect security directly or indirectly. HWAs’ security may be enhanced by identifying and mitigating security risks at earlier phases of the SDLC. In this paper, the risk is defined from the perspective of the software vulnerability, taking into account both the likelihood of HWA vulnerability and exploitation impact in a system. This may cause the potential loss, destruction, or damage of assets, while a vulnerability is a weakness that could expose threats within user systems, networks, and applications [35]. A system’s security is jeopardized when a vulnerability is discovered but not patched, and new vulnerabilities are identified over the course of a software system’s lifespan. As per the studies of existing research and experts’ opinions, some of the common security risks are listed below with a concise elucidation (see Table 1).

4. Methodology

Web application security is one of the chief concerns that define the application’s reliability, lifespan, and efficiency for both end-users and developers. In order to raise the caliber of a web application, security estimation is essential in the design phase that extends the security lifespan. Apart from technological progress in the development sector, numerous statistics have shown data breach instances that have affected the privacy of patients and the eminence of HMS. This section delineates the MCDM-based fuzzy methodology to evaluate security attributes and their risk factors.
The integrated approach of fuzzy AHP and fuzzy TOPSIS is extremely proficient to scrutinize healthcare web application security from the design tactics viewpoint for gauging HWAs’ rankings and fix their security risks. The current study involves various aspects for designing a security risk estimation framework, such as the identification of factors, the mapping of security risk factors with their corresponding security attributes, the assessment of risk factors, and statistical analysis. The mapping matrix is based on synchronizing the top 10 security risk factors, i.e., ACPVPM, PCF, MESD, UPC, RCT, USP, DCIC, RC, EITV, and ICMD, which are mapped with their security attributes such as CIA, Access Control, and Authentication (see Figure 2).
For evaluating the risk factors of healthcare web applications, the hierarchical structure is represented graphically. All the classifying factors and sub-factors for the data processing algorithm, in order to generate the research finding were identified using a literature review and a consultation with experts. The researcher of this review discovered that specialists had used fuzzy theory along with AHP to examine the imprecise real-world challenges because they are exceedingly ambiguous [46]. The precise details of these approaches are discussed in the subsequent section.

4.1. Fuzzy AHP

Fuzzy AHP is a powerful prescript for addressing arduous conclusive problems, and all the complicated problems may be evaluated through various classed levels of objectives. To solve the arduousness of a complex problem, fuzzy AHP divides it into a tree-like structure. In addition, for the estimation of the priority of various alternatives with multiple criteria in a hierarchical structure, it is also utilized as a decision-making technique [47]. The fuzzy AHP is based on fuzzy interval arithmetic, which uses the TFN to compute the weights of elements. Saaty was the first who proposed the AHP technique [48]. To deal with imprecision in multi-criteria decision problems, it merely uses the pair-wise comparison matrix [49]. The triangular fuzzy numbers are used in this model to represent linguistic variables and to conduct fuzzy operations using AHP. To deal with the uncertainty caused by imprecision and vagueness, Zadeh developed the fuzzy set theory [50].
On the basis of experts’ viewpoints as well as responses via questionnaire or by using brainstorming, the tree structure is prepared, and after that, a triangular fuzzy number (TFN) is fabricated from the hierarchy. In addition, a pair-wise comparison of every cluster of grouped objectives performs a significant contribution to determining the impact of one criterion on the other. The researcher transfigures the linguistic values into the TFN as well as crisp numbers, and in this study, the values of the TFN are between 0 and 1 [51]. The computational simplicity of triangular fuzzy membership functions, as well as their ability to deal with fuzzy data, is the reason for their widespread acceptance [52]. Additionally, the linguistic values are classified as equally important, fairly important, strongly important, weakly important, absolutely important, etc., and apart from these, the crisp values are drawn from {1, 2, …, 9}. Furthermore, a TFN $\mu_{a}(t)$ is defined by a triangular membership function in which $lo$, $mi$, and $up$ are the limits (i.e., lower limit, middle limit, and upper limit, respectively), as shown in Figure 3, and the membership functions are depicted in Equations (1) and (2):
$$\mu_{a}(t) = a = (lo, mi, up) \tag{1}$$
$$\mu_{a}(t) = \begin{cases} 1, & \text{if } t = mi, \\ \dfrac{t - lo}{mi - lo}, & \text{if } lo < t < mi, \\ \dfrac{up - t}{up - mi}, & \text{if } mi < t < up, \\ 0, & \text{otherwise.} \end{cases} \tag{2}$$
$(lo, mi, up)$ is depicted as a TFN in a quantitative manner, and experts have assigned ratings to the factors affecting the values using the scale shown in Table 2.
In the conversion of numeric values into TFNs, Equations (3)–(6) are used [51,52,53], which are designated as $(lo_{jk}, mi_{jk}, up_{jk})$, where $lo_{jk}$ is the lower, $mi_{jk}$ is the middle, and $up_{jk}$ is the higher value. In Equations (3)–(6), $R_{jkz}$ indicates the relative importance of the values between two factors, which is given by security expert $z$, where $j$ and $k$ signify a pair of factors being decided by security experts. $n_{jk}$ is evaluated for a specific comparison on the basis of geometric mean, which is given by experts using TFN $n_{jk}$, where the lower, middle, and upper values are $lo_{jk}$, $mi_{jk}$, and $up_{jk}$. Additionally, TFN $[n_{jk}]$ is recognized by Equation (3).
$$n_{jk} = (lo_{jk}, mi_{jk}, up_{jk}) \tag{3}$$
$$lo_{jk} = \min(R_{jkz}) \tag{4}$$
$$mi_{jk} = (R_{jk1}, R_{jk2}, R_{jk3})^{\frac{1}{t}} \tag{5}$$
$$\text{and } up_{jk} = \max(R_{jkz}) \tag{6}$$
Furthermore, with the help of Equation (7), a fuzzy pair-wise comparison matrix in the form of an m × m matrix is generated after obtaining the TFN values for each pair of comparisons.
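$$\tilde{P}^{z} = \begin{bmatrix} \tilde{x}_{11}^{z} & \tilde{x}_{12}^{z} & \cdots & \tilde{x}_{1m}^{z} \\ \tilde{x}_{21}^{z} & \tilde{x}_{22}^{z} & \cdots & \tilde{x}_{2m}^{z} \\ \vdots & \vdots & \ddots & \vdots \\ \tilde{x}_{m1}^{z} & \tilde{x}_{m2}^{z} & \cdots & \tilde{x}_{mm}^{z} \end{bmatrix} \tag{7}$$
where $\tilde{x}_{jk}^{z}$ represents the $z$th decision maker’s preference of the $j$th criteria over the $k$th criteria. When there are multiple decision-makers, Equation (8) is used to calculate the average of each decision-maker’s preferences.
$$\tilde{x}_{jk} = \frac{1}{d} \sum_{z=1}^{d} \tilde{x}_{jk}^{z} \tag{8}$$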
After that, with the help of Equation (9) and based on average preferences, pair-wise comparison matrices are updated for all the factors in the hierarchy.
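$$\tilde{P} = \begin{bmatrix} \tilde{x}_{11} & \cdots & \tilde{x}_{1m} \\ \tilde{x}_{21} & \cdots & \tilde{x}_{2m} \\ \vdots & \ddots & \vdots \\ \tilde{x}_{m1} & \cdots & \tilde{x}_{mm} \end{bmatrix} \tag{9}$$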
The fuzzy geometrical mean and fuzzy weights of each factor are then described using the geometrical mean technique, as indicated in Equation (10). After that, with the help of Equation (11), the fuzzy weight of the factor is concluded.
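$$\tilde{a}_{i} = \left( \prod_{i=1}^{n} \tilde{x}_{jk} \right)^{\frac{1}{n}}, \quad j = 1, 2, 3, \ldots, n \tag{10}$$
$$\widetilde{wt}_{i} = \tilde{a}_{i} \otimes \left( \tilde{a}_{1} \oplus \tilde{a}_{2} \oplus \tilde{a}_{3} \oplus \cdots \oplus \tilde{a}_{n} \right)^{-1} \tag{11}$$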
Further, with the help of Equations (12) and (13), the average and normalized weight criteria may be calculated.
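$$Avg_{i} = \frac{\widetilde{wt}_{1} \oplus \widetilde{wt}_{2} \oplus \cdots \oplus \widetilde{wt}_{n}}{n} \tag{12}$$
$$N\_wt_{i} = \frac{Avg_{i}}{Avg_{1} \oplus Avg_{2} \oplus \cdots \oplus Avg_{n}} \tag{13}$$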
Furthermore, to compute the BNP value of the fuzzy weights, the Centre of Area (COA) approach is applied for every measurement with the help of Equation (14).
$$BNP_{Wt} = \frac{(up_{wt1} - lo_{wt1}) + (mi_{wt1} - lo_{wt1})}{3} + lo_{wt1} \tag{14}$$
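The weighting steps of Equations (3)–(14), carried through for the five security attributes of Section 3.1 as an added Python example (not code from the paper). The expert ratings are constructed sample data, the function names are illustrative, and the last step normalizes the defuzzified BNP values so that the crisp weights sum to 1.

```python
import math

# Security attributes from Section 3.1.
ATTRS = ["Confidentiality", "Integrity", "Availability",
         "Access Control", "Authentication"]

# Constructed sample data (not from the paper): three experts rate how much
# more important attribute j is than attribute k on Saaty's 1-9 scale;
# values below 1 mean attribute k is the more important one.
RATINGS = {
    (0, 1): [2, 3, 2],       (0, 2): [5, 6, 5],
    (0, 3): [4, 4, 5],       (0, 4): [3, 3, 4],
    (1, 2): [4, 3, 4],       (1, 3): [3, 2, 3],
    (1, 4): [2, 2, 1],       (2, 3): [1/2, 1/2, 1/3],
    (2, 4): [1/3, 1/4, 1/3], (3, 4): [1/2, 1/2, 1],
}


def aggregate(ratings):
    """Eqs. (3)-(6): TFN = (min, geometric mean, max) of the expert ratings."""
    gm = math.prod(ratings) ** (1.0 / len(ratings))
    return (min(ratings), gm, max(ratings))


def reciprocal(tfn):
    """Reciprocal of a positive TFN; lower and upper bounds swap places."""
    lo, mi, up = tfn
    return (1.0 / up, 1.0 / mi, 1.0 / lo)


def build_matrix(n, ratings):
    """Eq. (9): fuzzy pair-wise comparison matrix from upper-triangle ratings."""
    expected = {(j, k) for j in range(n) for k in range(j + 1, n)}
    if set(ratings) != expected:
        raise ValueError("ratings must cover every pair (j, k) with j < k")
    matrix = [[(1.0, 1.0, 1.0)] * n for _ in range(n)]
    for (j, k), r in ratings.items():
        matrix[j][k] = aggregate(r)
        matrix[k][j] = reciprocal(matrix[j][k])
    return matrix


def fuzzy_geometric_mean(row):
    """Eq. (10): component-wise geometric mean of one matrix row."""
    n = len(row)
    return tuple(math.prod(t[c] for t in row) ** (1.0 / n) for c in range(3))


def fuzzy_weights(matrix):
    """Eq. (11): a_i (x) (a_1 (+) ... (+) a_n)^-1, computed on TFN components."""
    means = [fuzzy_geometric_mean(row) for row in matrix]
    total = [sum(a[c] for a in means) for c in range(3)]
    # Inverting the summed TFN swaps its bounds: (1/up, 1/mi, 1/lo).
    return [(a[0] / total[2], a[1] / total[1], a[2] / total[0]) for a in means]


def bnp(tfn):
    """Eq. (14): Centre of Area defuzzification of one fuzzy weight."""
    lo, mi, up = tfn
    return ((up - lo) + (mi - lo)) / 3.0 + lo


def crisp_weights(matrix):
    """Defuzzify every fuzzy weight and normalize so the weights sum to 1."""
    scores = [bnp(w) for w in fuzzy_weights(matrix)]
    total = sum(scores)
    return [s / total for s in scores]


def rank(names, weights):
    """Attribute names ordered from highest to lowest weight."""
    return [n for n, _ in sorted(zip(names, weights), key=lambda p: -p[1])]


if __name__ == "__main__":
    m = build_matrix(len(ATTRS), RATINGS)
    for name, fw, w in zip(ATTRS, fuzzy_weights(m), crisp_weights(m)):
        print(f"{name:16s} fuzzy=({fw[0]:.4f}, {fw[1]:.4f}, {fw[2]:.4f}) "
              f"weight={w:.4f}")
    print("Priority order:", " > ".join(rank(ATTRS, crisp_weights(m))))
```
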

4.2. Fuzzy TOPSIS

Fuzzy TOPSIS is one of the foremost approaches for determining the ideal solution among analogous alternatives. Besides this, it can be preferred to automate the procedure and eliminate confusion and ambiguity in the selected criteria. This is a linear weighting technique that was first put forth by Chen and Hwang (1992), citing Hwang and Yoon (1981). TOPSIS contemplates the MCDM view with m choices as a geometric arrangement with m points in the n-dimensional space of factors. The method utilized in this study is based on the assumption, i.e., the maximum and minimum ideal solutions, respectively.
To induce an ideal solution, the selected alternative must have the closest and farthest distance from the Fuzzy Positive Ideal Solution (FPIS) and Fuzzy Negative Ideal Solution (FNIS) [54]. Shadbegian and Gray stated that security experts might encounter some issues with the allocation of specific performance ratings of any alternative on the basis of factors. The relevant phases of the Fuzzy AHP-TOPSIS method are presented in the flow chart below (see Figure 4).
This procedure allocates fuzzy numbers in place of specific numbers to represent the relative significance of a factor for consistency with real-world fuzzy surroundings. Furthermore, the fuzzy AHP-TOPSIS technique is well suited to solve group decision-making problems in fuzzy contexts. Figure 4 illustrates the comprehensive procedure for achieving weights as well as the estimation of the viability of the fuzzy AHP-TOPSIS method. Firstly, the researcher determines the weights of the evaluation factors. With the help of Equations (1)–(14), the current research applies the fuzzy AHP process to derive fuzzy weight. In addition, a fuzzy decision matrix is created by researchers with the help of Table 3 and Equation (15), and relevant linguistic variables are chosen as alternatives for the criterion.
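$$
\tilde{X} =
\begin{array}{c|ccc}
 & Q_1 & \cdots & Q_n \\ \hline
P_1 & \tilde{y}_{11} & \cdots & \tilde{y}_{1n} \\
P_2 & \tilde{y}_{21} & \cdots & \tilde{y}_{2n} \\
\vdots & \vdots & \ddots & \vdots \\
P_m & \tilde{y}_{m1} & \cdots & \tilde{y}_{mn}
\end{array} \tag{15}
$$
where $\tilde{y}_{jk} = \frac{1}{Z}\left( \tilde{y}_{jk}^{1} \oplus \cdots \oplus \tilde{y}_{jk}^{z} \oplus \cdots \oplus \tilde{y}_{jk}^{Z} \right)$, and $\tilde{y}_{jk}^{z}$ is the performance rating of the alternative $P_j$ with respect to factor $Q_k$ estimated by the $z$th practitioner and $\tilde{y}_{jk}^{z} = (lo_{jk}^{z}, mi_{jk}^{z}, up_{jk}^{z})$. With the help of Equation (16), the fuzzy decision matrix is normalized and represented by $\tilde{D}$. After that, with the help of Equation (17), the normalization process can be achieved.
$$
\tilde{y}_{jk}^{z} = \left( lo_{jk}^{z}, mi_{jk}^{z}, up_{jk}^{z} \right), \quad \tilde{D} = \left[ \tilde{a}_{jk} \right]_{m \times n} \tag{16}
$$
$$
\tilde{a}_{jk} = \left( \frac{lo_{jk}}{up_k^{+}}, \frac{mi_{jk}}{up_k^{+}}, \frac{up_{jk}}{up_k^{+}} \right), \quad up_k^{+} = \max(up_{jk}), \quad j = 1, 2, \ldots, n; \; k = 1, 2, \ldots, n \tag{17}
$$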
Alternatively, we can set the best-desired level $up_k^{+}$ equal to 1; otherwise, the worst is 0. The normalized $\tilde{a}_{jk}$ continues to be a TFN. The decision matrix ($\tilde{D}_w$) is normalized by weighted fuzzy numbers and is quantified through Equation (18).
$$
\tilde{D}_w = \left[ \tilde{b}_{jk} \right]_{m \times n}, \quad j = 1, 2, \ldots, m; \; k = 1, 2, \ldots, n \tag{18}
$$
where $\tilde{b}_{jk} = \tilde{a}_{jk} \otimes \widetilde{wt}_{jk}$ are normalized to the positive TFN, and their ranges belong to the closed interval [0, 1]. Thereafter, FPIS $As^{+}$ (aspiration levels) and FNIS $As^{-}$ (the worst levels) are computed for each criterion to address maximum benefit criteria while minimizing cost criteria, as shown in Equations (19) and (20).
$$
As^{+} = \left( \tilde{b}_1^{+}, \ldots, \tilde{b}_k^{+}, \ldots, \tilde{b}_n^{+} \right) \tag{19}
$$
$$
As^{-} = \left( \tilde{b}_1^{-}, \ldots, \tilde{b}_k^{-}, \ldots, \tilde{b}_n^{-} \right) \tag{20}
$$
where $\tilde{b}_{jk}^{+} = (1, 1, 1) \otimes \widetilde{wt}_{jk} = (Lwt_k, Mwt_k, Hwt_k)$ and $\tilde{b}_{jk}^{-} = (0, 0, 0)$, $k = 1, 2, 3, 4, \ldots, n$. For calculating the distance of each alternative from FPIS and FNIS, the distances ($\widetilde{Dis}_j^{+}$ and $\widetilde{Dis}_j^{-}$) of each alternative from $As^{+}$ and $As^{-}$ can be estimated using the area compensation technique, as elucidated in Equations (21) and (22).
$$
\widetilde{Dis}_j^{+} = \sum_{k=1}^{n} Dis\left( \tilde{b}_{jk}, \tilde{b}_{jk}^{+} \right), \quad j = 1, 2, \ldots, m; \; k = 1, 2, \ldots, n \tag{21}
$$
$$
\widetilde{Dis}_j^{-} = \sum_{k=1}^{n} Dis\left( \tilde{b}_{jk}, \tilde{b}_{jk}^{-} \right), \quad j = 1, 2, \ldots, m; \; k = 1, 2, \ldots, n \tag{22}
$$
In addition, researchers discovered the closeness coefficients (i.e., relative gaps–degree) and generated alternatives for the achievement of aspiration levels in each factor. To improve the alternatives, Chou et al. proposed that $\widetilde{QQ}_j$ is cleared to evaluate the fuzzy gaps–degree on the basis of the fuzzy closeness coefficients [51]. The similarity to the ideal solution is determined after evaluating the $\widetilde{Dis}_j^{+}$ and $\widetilde{Dis}_j^{-}$ of each alternative and is depicted in Equation (23).
$$
\widetilde{QQ}_j = \frac{\tilde{x}_j^{-}}{\tilde{x}_j^{+} + \tilde{x}_j^{-}} = 1 - \frac{\tilde{x}_j^{+}}{\tilde{x}_j^{+} + \tilde{x}_j^{-}}, \quad j = 1, 2, 3, \ldots, m \tag{23}
$$
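The weight derivation of Equations (10), (11) and (14) from Section 4.1 and the ranking of Equations (15)–(23) above, worked end to end in Python as an added example (not the authors' code). The pair-wise matrix is the paper's Table 5 and the rating scale is Table 3; the three applications and their ratings are constructed, and the vertex distance between TFNs is an assumed stand-in for Dis, whose formula the page does not give.

```python
from math import prod

# Table 3 of the paper: linguistic rating -> triangular fuzzy number (lo, mi, up)
SCALE = {"VP": (0, 1, 3), "P": (1, 3, 5), "F": (3, 5, 7), "G": (5, 7, 9), "VG": (7, 9, 10)}

# Table 5 of the paper: upper triangle of the confidentiality matrix (T11, T12, T13)
TABLE5_UPPER = [
    [(1.0, 1.0, 1.0), (0.6951, 0.9501, 1.3457), (1.1048, 1.4380, 1.6906)],
    [None, (1.0, 1.0, 1.0), (1.1902, 1.5820, 2.1497)],
    [None, None, (1.0, 1.0, 1.0)],
]

# Constructed ratings (not the paper's Table 15): three hypothetical applications,
# each rated on T11, T12 and T13 with the Table 3 labels.
RATINGS = {
    "APP_A": ["VG", "G", "VG"],
    "APP_B": ["F", "F", "G"],
    "APP_C": ["P", "VP", "F"],
}


def complete(upper):
    """Fill the lower triangle with reciprocal TFNs: 1/(lo, mi, up) = (1/up, 1/mi, 1/lo)."""
    n = len(upper)
    full = [row[:] for row in upper]
    for j in range(n):
        for k in range(j):
            lo, mi, up = upper[k][j]
            full[j][k] = (1 / up, 1 / mi, 1 / lo)
    return full


def fuzzy_ahp_weights(matrix):
    """Return (fuzzy weights, normalized crisp weights) for a full pair-wise TFN matrix."""
    n = len(matrix)
    # Eq. (10): component-wise geometric mean of each row
    geo = [tuple(prod(cell[c] for cell in row) ** (1 / n) for c in range(3)) for row in matrix]
    # Eq. (11): a_i (x) (a_1 (+) ... (+) a_n)^-1; inverting a TFN swaps its lo and up bounds
    total = [sum(g[c] for g in geo) for c in range(3)]
    fuzzy = [(g[0] / total[2], g[1] / total[1], g[2] / total[0]) for g in geo]
    # Eq. (14): Centre of Area defuzzification, then normalization so the weights sum to 1
    bnp = [((up - lo) + (mi - lo)) / 3 + lo for lo, mi, up in fuzzy]
    return fuzzy, [b / sum(bnp) for b in bnp]


def vertex_distance(a, b):
    """Distance between two TFNs (vertex method; assumed stand-in for Dis in Eqs. 21-22)."""
    return (sum((x - y) ** 2 for x, y in zip(a, b)) / 3) ** 0.5


def fuzzy_topsis(ratings, fuzzy_weights):
    """Return {alternative: closeness coefficient} following Eqs. (15)-(23)."""
    rows = {name: [SCALE[r] for r in labels] for name, labels in ratings.items()}
    n = len(fuzzy_weights)
    # Eq. (17): normalize by the largest upper bound seen for each factor
    up_max = [max(row[k][2] for row in rows.values()) for k in range(n)]
    closeness = {}
    for name, row in rows.items():
        d_pos = d_neg = 0.0
        for k, wt in enumerate(fuzzy_weights):
            a = tuple(v / up_max[k] for v in row[k])
            b = tuple(x * w for x, w in zip(a, wt))       # Eq. (18): weighted rating
            d_pos += vertex_distance(b, wt)               # FPIS: (1, 1, 1) (x) wt_k
            d_neg += vertex_distance(b, (0.0, 0.0, 0.0))  # FNIS: (0, 0, 0)
        closeness[name] = d_neg / (d_pos + d_neg)         # Eq. (23)
    return closeness


def rank(closeness):
    """Alternatives ordered from highest to lowest closeness coefficient."""
    return sorted(closeness, key=closeness.get, reverse=True)


if __name__ == "__main__":
    fuzzy, crisp = fuzzy_ahp_weights(complete(TABLE5_UPPER))
    for name, w in zip(("T11", "T12", "T13"), crisp):
        print(f"{name}: {w:.4f}")
    cc = fuzzy_topsis(RATINGS, fuzzy)
    for name in rank(cc):
        print(f"{name}: {cc[name]:.4f}")
```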

4.3. Empirical Data Analysis and Results

Generally, qualitative assessment seems to be suitable for the assessment of long-term security. It is quite difficult to perform a qualitative assessment of healthcare web application security. Security strategy is prepared on the basis of results drawn from global collaborative activities. In recent years, security professionals have amassed a large number of security policies [52]. Several firms are currently adopting high-end security healthcare web applications. The impact of security attributes on healthcare web applications plays a crucial role in ensuring security [55,56,57,58,59,60]. This study identifies various security attributes and risk factors. For the purpose of assessment, the identified security attributes and risk factors are linked together to establish a relationship among them. For assessment, T11, T12, and T13 are represented as the attributes of confidentiality at level 2 with respect to security. T21, T22, T23, T24, T25, T26, T27, and T28 are represented as the attributes of integrity at level 2 with respect to security. T31 is represented as the attribute of availability at level 2 with respect to security. T41, T42, T43, and T44 are represented as the attributes of access control at level 2 with respect to security. T51 and T52 are represented as the attributes of authentication at level 2 with respect to security. This study uses the opinions of 70 professionals from academia and industry in order to compile the data. The estimation of security via fuzzy AHP-TOPSIS has been assessed by using Equations (1)–(23) as follows:
The researcher converted the linguistic values into numeric values as well as aggregated TFN values by using Table 2 and Equations (1)–(6). Additionally, Equation (7) was used to create the pair-wise comparison matrices for level 1 attributes, as shown in Table 4. Similarly, Table 5, Table 6, Table 7 and Table 8 show the fuzzy pair-wise comparison matrices through the hierarchy at level 2.
The researcher calculated the fuzzy weights of factors with the help of Equations (8)–(10), and the weight of each element is calculated using Equations (11)–(13). Additionally, the BNP values (i.e., best non-fuzzy performance) of each attribute are calculated via Equation (14). Thereafter, the weights for the continuing attributes may be determined and shown in Table 9, Table 10, Table 11, Table 12 and Table 13, which depict the local and dependent weight of attributes according to Figure 4. Table 14 shows the global weight of every attribute of security.
Now, the researcher must figure out the impact of risk factors on altering preferences with respect to criteria. Ten successive healthcare web applications (i.e., HWA1, HWA2, HWA3, HWA4, HWA5, HWA6, HWA7, HWA8, HWA9, and HWA10) from the local hospitals of Uttar Pradesh, India, were taken to estimate the security risk. The researcher gathered input on the technological data with the help of Table 3 for all 10 alternatives, as depicted in Table 15. The researcher assessed the normalized fuzzy decision matrix, as shown in Table 16, by using Equations (15)–(18), and evaluated the weighted normalized fuzzy decision matrix, as shown in Table 17. Additionally, the researcher assessed the satisfaction degree and gap degree by using Equations (22) and (23), as depicted in Table 18.
Finally, the global weights of the factors obtained from fuzzy AHP are used as input data for the fuzzy TOPSIS approach, which produces a ranking of the alternatives. The performance is then tested using fuzzy AHP-TOPSIS. The resulting order of the ten healthcare web application alternatives is as follows: HWA1, HWA7, HWA10, HWA4, HWA2, HWA3, HWA5, HWA9, HWA8, and HWA6. According to the findings of this study, HWA1 produced the finest result (see Table 18 and Figure 5).

4.4. Sensitivity Analysis

Sensitivity analysis is a threat-to-validity procedure that allows security practitioners to validate their results through numerical calculations. It also gives security experts an idea of how various sources of outcomes may affect the proposed model. This section provides a clear perception of the effectiveness as well as the certainty of the results by altering the crucial criteria. To carry out the sensitivity analysis, the researcher has chosen 10 alternatives. The detailed results of the sensitivity analysis are shown in Table 19. Furthermore, a graphical representation of the sensitivity analysis is depicted in Figure 6.
The first row of Table 19 shows the original weights of this study. The calculated results are acceptable, and it is clear from Table 19 that the deviation across the security risk factors is negligible. The results of the sensitivity analysis depend on the weights of the security risk factors.

4.5. Comparison of the Results

MCDM approaches are used in a number of research initiatives to assess various factors and their impact on various fields. A comparison of results from different approaches may provide a considerable as well as clear perspective on computed results. In addition, comparing the outcomes of the same data through different approaches is a crucial part of scientific calculation. For comparing the results of fuzzy AHP-TOPSIS, the researcher used various techniques, including classical ANP-TOPSIS, classical AHP-TOPSIS, and the Simple Average Method.
This type of comparison illustrates the capabilities and accuracy of the chosen approach. In comparison to the preceding techniques, the results of the fuzzy AHP-TOPSIS can confer a more precise and preferable result, as shown in Table 20 and Figure 7.

5. Discussion and Conclusions

The design phase is the backbone of any application irrespective of its nature and area of use. Software development organizations have shown enormous growth that urges highly secured web applications. Recent trends demonstrate that the healthcare industry has turned to deploying web applications rather than conventional forms. This dependency on technology raises security concerns as securing patients’ sensitive data and hospital data becomes a critical priority. IT Industries and researchers are currently paying more attention to security. Developers should strive to develop an end-to-end framework for assessing the security risks associated with healthcare web applications to detect, evaluate, and reduce security risks as a solution to these issues. This paper proposed an integrated approach of fuzzy AHP and fuzzy TOPSIS to evaluate the security risk factors. The aim of this study was to determine the priorities based on the ranking and weighting of security attributes using the MCDM process, which demonstrates the use of an analytical hierarchical approach, through which the application becomes more secure and trustworthy. The fuzzy AHP approach can be used to prioritize the security attributes in terms of well-profiling because no attempts have been made to quantitatively prioritize and rank the security attributes that may affect the functionality of HWA security and their trade-offs. For the estimation of security risk, this combined fuzzy AHP-TOPSIS approach was applied. This proposed model was examined for ten successive healthcare web applications from the local hospitals of Uttar Pradesh, India, to determine the impact of risk factors on altering preferences with respect to criteria.
The weight and priority of risk factors are quantified by fuzzy AHP, whereas the impact of attributes on different alternatives is determined with the help of fuzzy AHP-TOPSIS. The fuzzy TOPSIS approach uses the global weight of components produced from fuzzy AHP as input to generate a rank for alternatives. The performance has now been evaluated with fuzzy AHP-TOPSIS, and with a performance score of 0.6322, HWA1 was deemed to be the best among the 10 alternatives. It provides the finest security system in terms of security methods. The determined performance of the other healthcare web application’s alternatives is, in order, HWA7, HWA10, HWA4, HWA2, HWA3, HWA5, HWA9, HWA8, and HWA6, with performance scores of 0.6138, 0.6130, 0.5748, 0.5224, 0.4851, 0.4679, 0.4667, 0.4638, and 0.3597. The findings of this study corroborate that mitigating risk in the design phase assists the developer in building a more secure web application. As security breaches are becoming more frequent, it is imperative to create security standards that also emphasize security benchmarks. Consequently, prioritizing security attributes would undoubtedly aid web application developers in enhancing security. In addition, the researcher advised that the proposed framework may be used to set the benchmark for any organization. This may also form the basis for the development of new, modified, or refined approaches that may encourage other researchers to undertake the development of other new methods in this area.

Author Contributions

A.A. (Abdulaziz Attaallah), K.a.-S. and S.A.A. were primarily responsible for conceptualization; A.A. (Areej Alasiry) and M.M., writing—review and editing; investigation, data validation, and analysis, A.A. (Alka Agrawal), S.A.A. and M.T.J.A.; writing—original draft preparation, S.A.A.; visualization and supervision, R.A.K. All authors reviewed the manuscript. All authors have read and agreed to the published version of the manuscript.

Funding

This research was supported by the Deanship of Scientific Research at the Umm Al-Qura University by grant code (23UQU4281460DSR001). The authors extend their appreciation to the Deanship of Scientific Research at King Khalid University for funding this work through a large-group research project under grant number RGP2/249/44.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The data used in this study are available upon request from the corresponding author.

Acknowledgments

The authors would like to thank the Deanship of Scientific Research at Umm Al-Qura University for supporting this work by grant code (23UQU4281460DSR001). The authors would like to thank the Deanship of Scientific Research at King Khalid University for funding this work through a large-group research project under grant number RGP2/249/44.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Tiwari, N.; Kumar, R.; Sahani, A.; Maurya, A. Survey Paper on Hospital Management System (HMS). Int. J. Sci. Res. Rev. 2019, 7, 3.
  2. Samydurai, A.; Revathi, K.; Karthikeyan, L.; Vanathi, B.; Devi, K. An Enhanced Entity Model for Converting Relational to Non-Relational Documents in Hospital Management System Based on Cloud Computing. IETE Technol. Rev. 2022, 39, 1–14.
  3. Abernethy, A.; Adams, L.; Barrett, M.; Bechtel, C.; Brennan, P.; Butte, A.; Faulkner, J.; Fontaine, E.; Friedhoff, S.; Halamka, J.; et al. The promise of digital health: Then, now, and the future. NAM Perspect. 2022, 2022, 1–24.
  4. Maishman, E. ‘Small Number’ of NHS Lothian Patients Affected by Staff Medical Records Data Breach. Available online: https://www.scotsman.com/health/small-number-nhs-lothian-patients-affected-staff-medical-records-data-breach-3139696 (accessed on 27 March 2023).
  5. Department of Veterans Affairs Office of Inspector General. Review of Issues Related to the Loss of VA Information Involving the Identity of Millions of Veterans; Report No. 06-02238-163. 11 July 2006. Available online: https://www.va.gov/oig/pubs/VAOIG-06-02238-163.pdf (accessed on 27 March 2023).
  6. Rothstein, M.A.; Talbott, M.K. Compelled Authorizations for Disclosure of Health Records: Magnitude and Implications. Am. J. Bioeth. 2007, 7, 38–45.
  7. Legislative Proposals to Protect Online Privacy and Security. Available online: https://www.justice.gov/archives/opa/blog/legislative-proposals-protect-online-privacy-and-security (accessed on 29 March 2023).
  8. Prosecuting the Sale of Botnets and Malicious Software. Available online: https://www.justice.gov/archives/opa/blog/prosecuting-sale-botnets-and-malicious-software (accessed on 29 March 2023).
  9. Ansar, S.A.; Alka; Khan, R.A. A Phase-wise Review of Software Security Metrics. In Networking Communication and Data Knowledge Engineering; Lecture Notes on Data Engineering and Communications Technologies; Springer: Singapore, 2018; Volume 4.
  10. Parthiban, R.; Kumar, K.S. Effective Resource Scheduling Using Hybrid Gradient Descent Cuckoo Search Algorithm and Security Enhancement in Cloud via Blockchain for Healthcare 4.0. Mater. Today Proc. 2022, 56, 1802–1808.
  11. Haas, S.; Wohlgemuth, S.; Echizen, I.; Sonehara, N.; Müller, G. Aspects of Privacy for Electronic Health Records. Int. J. Med. Inform. 2011, 80, 26–31.
  12. Olivier, M.S. Database Privacy: Balancing Confidentiality, Integrity and Availability. ACM SIGKDD Explor. Newsl. 2002, 4, 20–27.
  13. Amro, A.; Gkioulos, V. Evaluation of a Cyber Risk Assessment Approach for Cyber–Physical Systems: Maritime-and Energy-Use Cases. J. Mar. Sci. Eng. 2023, 11, 744.
  14. de Hond, A.A.H.; Leeuwenberg, A.M.; Hooft, L.; Kant, I.M.J.; Nijman, S.W.J.; van Os, H.J.A.; Aardoom, J.J.; Debray, T.P.A.; Drenth-van Maanen, A.C.; Girbes, A.R.J.; et al. Guidelines and Quality Criteria for Artificial Intelligence-Based Prediction Models in Healthcare: A Scoping Review. NPJ Digit. Med. 2022, 5, 1–13.
  15. Quasim, M.T.; Shaikh, A.; Shuaib, M.; Sulaiman, A.; Alam, S.; Asiri, Y. Fuzzy Decision-Making Method Based Evaluation of Smart Healthcare Management; 2023.
  16. Prasad, R.S.; Rao, K.R.H.; Kantha, R.R.L. Software Reliability Measuring Using Modified Maximum Likelihood Estimation and SPC. Int. J. Comput. Appl. 2011, 21, 1–5.
  17. Priyadarshini, I.; Kumar, R.; Tuan, L.M.; Son, L.H.; Long, H.V.; Sharma, R.; Rai, S. A New Enhanced Cyber Security Framework for Medical Cyber Physical Systems. SICS Softw. Intensive Cyber-Phys. Syst. 2021, 35, 159–183.
  18. Attaallah, A.; Alsuhabi, H.; Shukla, S.; Kumar, R.; Gupta, B.K.; Khan, R.A. Analyzing the Big Data Security Through a Unified Decision-Making Approach. Intell. Autom. Soft Comput. 2022, 32, 1071–1088.
  19. Ansar, S.A.; Aggarwal, S.; Arya, S.; Haq, M.A.; Mittal, V.; Gared, F. An intuitionistic approach for the predictability of anti-angiogenic inhibitors in cancer diagnosis. Sci. Rep. 2023, 13, 7051.
  20. Lotfi, R.; Kargar, B.; Rajabzadeh, M.; Hesabi, F.; Özceylan, E. Hybrid Fuzzy and Data-Driven Robust Optimization for Resilience and Sustainable Health Care Supply Chain with Vendor-Managed Inventory Approach. Int. J. Fuzzy Syst. 2022, 24, 1216–1231.
  21. Elibal, K.; Özceylan, E. Comparing industry 4.0 maturity models in the perspective of TQM principles using Fuzzy MCDM methods. Technol. Forecast. Soc. Chang. 2022, 175, 121379.
  22. Abushark, Y.B.; Khan, A.I.; Alsolami, F.J.; Almalawi, A.; Alam, M.M.; Agrawal, A.; Khan, R.A. Usability Evaluation Through Fuzzy AHP-TOPSIS Approach: Security Requirement Perspective. Comput. Mater. Contin. 2021, 68, 1203–1218.
  23. Kumar, R.; Baz, A.; Alhakami, H.; Alhakami, W.; Agrawal, A.; Khan, R.A. A Hybrid Fuzzy Rule-Based Multi-Criteria Framework for Sustainable-Security Assessment of Web Application. Ain Shams Eng. J. 2021, 12, 2227–2240.
  24. Attaallah, A.; Algarni, A.; Khan, R.A. Managing Security-Risks for Improving Security-Durability of Institutional Web-Applications: Design Perspective. Comput. Mater. Contin. 2021, 66, 1849–1865.
  25. Al-Zahrani, F.A. Evaluating the Usable-Security of Healthcare Software through Unified Technique of Fuzzy Logic, ANP and TOPSIS. IEEE Access 2020, 8, 109905–109916.
  26. Altowaijri, S.M. An Architecture to Improve the Security of Cloud Computing in the Healthcare Sector. In Smart Infrastructure and Applications; Springer: Cham, Switzerland, 2020; pp. 249–266.
  27. Abu-Elezz, I.; Hassan, A.; Nazeemudeen, A.; Househ, M.; Abd-Alrazaq, A. The Benefits and Threats of Blockchain Technology in Healthcare: A Scoping Review. Int. J. Med. Inform. 2020, 142, 1–9.
  28. Pauli, J.; Xu, D. Integrating Functional and Security Requirements with Use Case De-composition. In Proceedings of the 11th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS’06), Potsdam, Germany, 28–31 August 2006; pp. 57–66.
  29. Confidentiality and Privacy in Healthcare. Available online: https://www.betterhealth.vic.gov.au/health/ServicesAndSupport/confidentiality-and-privacy-in-healthcare (accessed on 29 March 2023).
  30. Firesmith, D.G. Security Use Cases. J. Object Technol. 2003, 2, 53–64.
  31. Whitten, A. Making Security Usable. Ph.D. Thesis, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, USA, 2004.
  32. Jain, S.; Ingle, M. Software Security Requirements Gathering Instrument. Int. J. Adv. Comput. Sci. Appl. 2011, 2, 116–121.
  33. Walton, G.H.; Longstaff, T.A.; Linger, R.C. Technology Foundations for Computational Evaluation of Software Security Attributes; Carnegie-Mellon University Pittsburgh, Pa Software Engineering Institute: Pittsburgh, PA, USA, 2006.
  34. Microsoft. Web Application Security Fundamentals, Chapter 1. Available online: https://msdn.microsoft.com/en-us/library/ff648636.aspx (accessed on 29 March 2023).
  35. Ansar, S.A.; Kumar, S.; Khan, M.W.; Yadav, A.; Kha, R.A. Enhancement of Two-Tier ATM Security Mechanism: Towards Providing a Real-Time Solution for Network Issue. Int. J. Adv. Comput. Sci. Appl. 2020, 11, 123–130.
  36. CWE-767. Available online: https://cwe.mitre.org/data/definitions/767.html (accessed on 29 March 2023).
  37. CWE-260. Available online: https://cwe.mitre.org/data/definitions/260.html (accessed on 2 April 2023).
  38. CWE-311. Available online: https://cwe.mitre.org/data/definitions/311.html (accessed on 2 April 2023).
  39. Cybersecurity Help. Available online: https://www.cybersecurity-help.cz/vdb/cwe/620/ (accessed on 2 April 2023).
  40. CWE-366. Available online: https://cwe.mitre.org/data/definitions/366.html (accessed on 2 April 2023).
  41. CWE-426. Available online: https://cwe.mitre.org/data/definitions/426.html (accessed on 3 April 2023).
  42. CVE Details. Available online: https://www.cvedetails.com/cwe-details/494/Download-of-Code-Without-Integrity-Check.html (accessed on 3 April 2023).
  43. CWE-362. Available online: https://cwe.mitre.org/data/definitions/362.html (accessed on 3 April 2023).
  44. CVE Details. Available online: https://www.cvedetails.com/cwe-details/454/External-Initialization-of-Trusted-Variables-or-Data-Stores.html (accessed on 5 April 2023).
  45. CWE-915. Available online: https://cwe.mitre.org/data/definitions/915.html (accessed on 5 April 2023).
  46. Chang, C.W.; Wu, C.R.; Lin, H.L. Integrating fuzzy Theory and Hierarchy Concepts to Evaluate Software Quality. Softw. Qual. J. 2008, 16, 263–276.
  47. Paradis, R.; Tran, B. Balancing Security/Safety and Sustainability Objectives. National Institute of Building Sciences. 2010. Available online: https://www.wbdg.org/resources/balancing-security-safety-and-sustainability-objectives (accessed on 5 April 2023).
  48. Saaty, T.L. How to Make a Decision: The Analytic Hierarchy Process. Eur. J. Oper. Res. 1990, 48, 9–26.
  49. Dawood, K.A.; Sharif, K.Y.; Zaidan, A.A.; Abd Ghani, A.A.; Zulzalil, H.B.; Zaidan, B.B. Mapping and Analysis of Open-Source Software (OSS) Usability for Sustainable OSS Product. IEEE Access 2019, 7, 65913–65933.
  50. Ansari, M.T.J.; Pandey, D.; Alenezi, M. STORE: Security threat oriented requirements engineering methodology. J. King Saud Univ. Comput. Inf. Sci. 2022, 34, 191–203.
  51. Chen, J.F.; Hsieh, H.N.; Do, Q.H. Evaluating Teaching Performance based on Fuzzy AHP and Comprehensive Evaluation Approach. Appl. Soft Comput. 2015, 28, 100–108.
  52. Ishizaka, A.; Nemery, P. Multi-Criteria Decision Analysis: Methods and Software; John Wiley & Sons: Hoboken, NJ, USA, 2013.
  53. Ansari, M.T.J.; Baz, A.; Alhakami, H.; Alhakami, W.; Kumar, R.; Khan, R.A. P-STORE: Extension of STORE methodology to elicit privacy requirements. Arab. J. Sci. Eng. 2021, 46, 8287–8310.
  54. Chou, Y.C.; Yen, H.Y.; Dang, V.T.; Sun, C.C. Assessing the Human Resource in Science and Technology for Asian Countries: Application of fuzzy AHP and fuzzy TOPSIS. Symmetry 2019, 11, 251.
  55. Alyami, H.; Ansari, M.T.J.; Alharbi, A.; Alosaimi, W.; Alshammari, M.; Pandey, D.; Agrawal, A.; Kumar, R.; Khan, R.A. Effectiveness evaluation of different IDSs using integrated fuzzy MCDM model. Electronics 2022, 11, 859.
  56. Alzahrani, F.A.; Ahmad, M.; Ansari, M.T.J. Towards design and development of security assessment framework for internet of medical things. Appl. Sci. 2022, 12, 8148.
  57. Memon, M.; Wagner, S.R.; Pedersen, C.F.; Beevi, F.H.A.; Hansen, F.O. Ambient assisted living healthcare frameworks, platforms, standards, and quality attributes. Sensors 2014, 14, 4312–4341.
  58. Agrawal, A.; Khan, R.A.; Ansari, M.T.J. Empowering Indian citizens through the secure e-governance: The digital India initiative context. In Emerging Technologies in Data Mining and Information Security: Proceedings of IEMIS 2022, Volume 3; Springer: Singapore, 2020; pp. 3–11.
  59. Birman, K.P. Building secure and reliable network applications. In Worldwide Computing and Its Applications: International Conference, WWCA’97 Tsukuba, Japan, March 10–11, 1997 Proceedings; Springer: Berlin/Heidelberg, Germany, 2005; pp. 15–28.
  60. Carter, J. Coupling and Cohesion: A View of Software Design from the Inside Out. EHR Science. 12 November 2012. Available online: https://www.ehrscience.com/2012/11/12/coupling-and-cohesion-a-view-of-software-design-from-the-inside-out-2/ (accessed on 5 April 2023).
Figure 1. Different categories of healthcare web applications (HWAs).
Figure 2. A hierarchy of security attributes and risk factors.
Figure 3. Triangular fuzzy numbers.
Figure 4. Flow chart of the fuzzy AHP-TOPSIS method.
Figure 5. Satisfaction degree of CC-i.
Figure 6. Graphical view of sensitivity analysis.
Figure 7. Comparison of results.
Table 1. An overview of security risk factors in the design phase.

| S. No. | CWE ID | Security Risk Factors | Scope Factor |
|---|---|---|---|
| 1. | ACPVPM | This weakness might allow an attacker to modify the variable that contains an unintended value. It is a public method that reads, alters, or modifies a private variable; it may violate other code parts’ definitions or values. In addition, if an attacker can read the private variable, it is easy for the attacker to launch more attacks as well as expose sensitive information, and it affects the integrity scope of variables [36]. | Integrity, Access Control |
| 2. | PCF | The software keeps passwords within configuration files that could be accessed by unknown actors. Having access to this file would allow an attacker to either steal the password, modify it to their own preference, or create unfavorable conditions [37]. | Access Control, Authentication |
| 3. | MESD | This vulnerability is introduced due to the absence of proper data encryption, which allows the transmission of the assurance of confidentiality, transparency, and integrity by properly enforced encryption. Before the storage or transmission of data, the application does not encrypt critical and confidential information. This vulnerability is triggered during the phase of architecture and design due to lacking security tactics [38]. | Confidentiality, Integrity |
| 4. | UPC | An attacker might use this flaw to alter the victim’s password and allow him to gain access to the user’s data. On the other hand, the application does not require any kind of authentication or knowledge about the user’s original password when creating a new password [39]. | Access Control, Authentication |
| 5. | RCT | In a multi-threaded environment that uses the locking functionality around code that enforces the system to block, alter, and read persistent data. If a resource is used concurrently by two execution threads, there is a risk that invalid resources can be used. It is mainly introduced in programming when the critical resource is changed by two or more execution threads [40]. | Integrity |
| 6. | USP | This weakness might allow attackers to access data files in an unauthorized way or unexpectedly change configuration settings to execute their programs. Such programs will enable the application to find critical resources using a search path, which an attacker may alter through malicious code [41]. | Confidentiality, Integrity, Availability, Access Control |
| 7. | DCIC | The main drawback of this weakness is that the program’s executable code or source code is downloaded without verifying its data integrity and origin. The absence of authentication makes it possible for attackers to fool the machine by executing malicious code or altering the source code [42]. | Confidentiality, Integrity |
| 8. | RC | In this flaw, concurrent operations are executed on a single resource without proper synchronization. The code requires that certain states should not be modified between two operations, but a timing window exists in which the state can be modified by an unexpected actor or process. Such conditions allow a remote user to take advantage of the race by executing a series of commands and conducting a DoS (denial of service) attack [43]. | Integrity |
| 9. | EITV | The critical internal variables are initialized by software or stored data by using input fields that can be manipulated by unauthorized users. If any variables have been externally initialized, they should be distrusted, specifically in the case of users, because there is the possibility of incorrect initialization. The improper initialization of variables may interrupt the software response and create vulnerabilities in software security [44]. | Integrity |
| 10. | ICMD | This vulnerability occurs when software uses an upstream component (client to server) to receive input data that defines several variables, fields, or properties in an object that should be updated or initialized. However, it is unable to appropriately control which attributes may be modified. If any attributes of an object are only solely meant for internal use, then their unintentional modification may result in a security flaw [45]. | Integrity |
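Table 2. TFN scale.

| Saaty Scale | Definition | Fuzzy Triangle Scale |
|---|---|---|
| 1 | Equally important | (1, 1, 1) |
| 3 | Weakly important | (2, 3, 4) |
| 5 | Fairly important | (4, 5, 6) |
| 7 | Strongly important | (6, 7, 8) |
| 9 | Absolutely important | (9, 9, 9) |
| 2 | Intermittent values between two adjacent scales | (1, 2, 3) |
| 4 | Intermittent values between two adjacent scales | (3, 4, 5) |
| 6 | Intermittent values between two adjacent scales | (5, 6, 7) |
| 8 | Intermittent values between two adjacent scales | (7, 8, 9) |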
Table 3. Linguistic scales for the rating.

| Linguistic Variable | Corresponding Triangular Fuzzy Number |
|---|---|
| Very Poor (VP) | (0, 1, 3) |
| Poor (P) | (1, 3, 5) |
| Fair (F) | (3, 5, 7) |
| Good (G) | (5, 7, 9) |
| Very Good (VG) | (7, 9, 10) |
Table 4. Fuzzy aggregated pair-wise comparison matrix at level 1.

| | T1 | T2 | T3 | T4 | T5 |
|---|---|---|---|---|---|
| T1 | 1.0000, 1.0000, 1.0000 | 0.3127, 0.4395, 0.6252 | 0.8733, 0.9012, 0.9465 | 0.2261, 0.2928, 0.4166 | 0.2580, 0.3386, 0.5055 |
| T2 | - | 1.0000, 1.0000, 1.0000 | 2.0451, 3.1699, 4.2330 | 0.2665, 0.3657, 0.5911 | 0.6906, 1.0059, 1.5117 |
| T3 | - | - | 1.0000, 1.0000, 1.0000 | 0.3667, 0.5251, 0.9659 | 0.3604, 0.5220, 0.8074 |
| T4 | - | - | - | 1.0000, 1.0000, 1.0000 | 0.8960, 1.1486, 1.3903 |
| T5 | - | - | - | - | 1.0000, 1.0000, 1.0000 |
Table 5. Fuzzy aggregated pair-wise comparison matrix at level 2 for confidentiality.

| | T11 | T12 | T13 |
|---|---|---|---|
| T11 | 1.0000, 1.0000, 1.0000 | 0.6951, 0.9501, 1.3457 | 1.1048, 1.4380, 1.6906 |
| T12 | - | 1.0000, 1.0000, 1.0000 | 1.1902, 1.5820, 2.1497 |
| T13 | - | - | 1.0000, 1.0000, 1.0000 |

Table 6. Fuzzy aggregated pair-wise comparison matrix at level 2 for integrity.

| | T21 | T22 | T23 | T24 | T25 | T26 | T27 | T28 |
|---|---|---|---|---|---|---|---|---|
| T21 | 1.0000, 1.0000, 1.0000 | 1.1121, 1.5105, 1.9331 | 0.4891, 0.6301, 1.5241 | 0.4101, 0.5744, 1.6523 | 0.2210, 0.2870, 0.4152 | 0.3141, 0.4611, 0.8712 | 0.6574, 1.1652, 1.6882 | 0.2442, 0.3234, 0.4865 |
| T22 | - | 1.0000, 1.0000, 1.0000 | 0.5704, 0.6654, 0.8021 | 0.3045, 0.3934, 0.5661 | 0.2678, 0.3523, 0.5175 | 0.1668, 0.1968, 0.2531 | 0.3938, 0.5745, 1.0564 | 0.1695, 0.2135, 0.2751 |
| T23 | - | - | 1.0000, 1.0000, 1.0000 | 1.1141, 1.3195, 1.5517 | 0.3112, 0.4311, 0.8112 | 0.8441, 0.8711, 1.1253 | 1.2611, 1.8245, 2.4312 | 0.1711, 0.2044, 0.2641 |
| T24 | - | - | - | 1.0000, 1.0000, 1.0000 | 0.5384, 0.9147, 1.5835 | 0.6082, 1.0591, 1.6828 | 0.7545, 1.3462, 1.9615 | 0.6785, 0.7474, 0.8725 |
| T25 | - | - | - | - | 1.0000, 1.0000, 1.0000 | 0.4147, 0.6344, 1.1711 | 0.9474, 1.1095, 1.2457 | 0.2511, 0.3344, 0.5114 |
| T26 | - | - | - | - | - | 1.0000, 1.0000, 1.0000 | 1.8884, 2.5515, 3.1694 | 0.8112, 1.0352, 1.3166 |
| T27 | - | - | - | - | - | - | 1.0000, 1.0000, 1.0000 | 0.2136, 0.2574, 0.3194 |
| T28 | - | - | - | - | - | - | - | 1.0000, 1.0000, 1.0000 |

Table 7. Fuzzy aggregated pair-wise comparison matrix at level 2 for access control.

| | T41 | T42 | T43 | T44 |
|---|---|---|---|---|
| T41 | 1.0000, 1.0000, 1.0000 | 1.0784, 1.5991, 2.1134 | 0.8244, 1.1125, 1.6144 | 0.5674, 0.7132, 0.8734 |
| T42 | - | 1.0000, 1.0000, 1.0000 | 0.3237, 0.4488, 0.6052 | 0.2588, 0.3174, 0.4164 |
| T43 | - | - | 1.0000, 1.0000, 1.0000 | 0.6667, 1.0564, 1.5444 |
| T44 | - | - | - | 1.0000, 1.0000, 1.0000 |

Table 8. Fuzzy aggregated pair-wise comparison matrix at level 2 for authentication.

| | T51 | T52 |
|---|---|---|
| T51 | 1.0000, 1.0000, 1.0000 | 0.6664, 1.0506, 1.5428 |
| T52 | - | 1.0000, 1.0000, 1.0000 |

Table 9. Combined pair-wise comparison matrix at level 1.

| | T1 | T2 | T3 | T4 | T5 | Weight |
|---|---|---|---|---|---|---|
| T1 | 1.0000 | 2.5540 | 1.7017 | 2.4274 | 0.5909 | 0.2391 |
| T2 | 0.3914 | 1.0000 | 0.7964 | 0.9706 | 0.2070 | 0.0950 |
| T3 | 0.5876 | 1.2556 | 1.0000 | 1.0563 | 0.2532 | 0.1199 |
| T4 | 0.4121 | 1.0236 | 0.9467 | 1.0000 | 0.2357 | 0.1032 |
| T5 | 1.6686 | 4.8239 | 3.9495 | 4.2427 | 1.0000 | 0.4426 |

C.R. = 0.0025

Table 10. Combined pair-wise comparison matrix at level 2 for confidentiality.

| | T11 | T12 | T13 | Weight |
|---|---|---|---|---|
| T11 | 1.0000 | 0.9853 | 1.3577 | 0.3610 |
| T12 | 1.0149 | 1.0000 | 1.6261 | 0.3872 |
| T13 | 0.7365 | 0.6147 | 1.0000 | 0.2516 |

C.R. = 0.0026

Table 11. Combined pair-wise comparison matrix at level 2 for integrity.

| | T21 | T22 | T23 | T24 | T25 | T26 | T27 | T28 | Weight |
|---|---|---|---|---|---|---|---|---|---|
| T21 | 1.0000 | 1.4912 | 0.6912 | 0.6418 | 0.3114 | 0.5206 | 1.1697 | 0.3438 | 0.0734 |
| T22 | 0.6741 | 1.0000 | 0.6778 | 0.4104 | 0.3724 | 0.2033 | 0.6497 | 0.2150 | 0.0496 |
| T23 | 1.4474 | 1.4771 | 1.0000 | 1.2977 | 0.4935 | 0.8502 | 1.8364 | 0.2147 | 0.1032 |
| T24 | 1.5644 | 2.4138 | 0.7711 | 1.0000 | 0.9631 | 1.1024 | 1.3511 | 0.7319 | 0.1272 |
| T25 | 3.3141 | 2.6852 | 2.0263 | 1.0378 | 1.0000 | 0.7172 | 1.1028 | 0.4358 | 0.1407 |
| T26 | 1.8981 | 4.9188 | 1.1737 | 0.9071 | 1.3943 | 1.0000 | 2.3852 | 1.0473 | 0.1731 |
| T27 | 0.8551 | 1.5396 | 0.5444 | 0.7404 | 0.9067 | 0.4192 | 1.0000 | 0.2621 | 0.0760 |
| T28 | 2.9154 | 4.6484 | 4.6729 | 1.3663 | 2.2989 | 0.9548 | 3.8153 | 1.0000 | 0.2563 |

C.R. = 0.0330

Table 12. Combined pair-wise comparison matrix at level 2 for access control.

| | T41 | T42 | T43 | T44 | Weight |
|---|---|---|---|---|---|
| T41 | 1.0000 | 1.5973 | 1.1648 | 0.7168 | 0.2543 |
| T42 | 0.6262 | 1.0000 | 0.4561 | 0.3274 | 0.1301 |
| T43 | 0.8585 | 2.1922 | 1.0000 | 1.0804 | 0.2829 |
| T44 | 1.3951 | 3.0544 | 0.9256 | 1.0000 | 0.3325 |

C.R. = 0.0187

Table 13. Combined pair-wise comparison matrix at level 2 for authentication.

| | T51 | T52 | Weight |
|---|---|---|---|
| T51 | 1.0000 | 1.0804 | 0.5193 |
| T52 | 0.9256 | 1.0000 | 0.4806 |

C.R. = 0.0000

Table 14. Final weights of hierarchy.
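
| Characteristics of Level 1 | Local Weights of Level 1 | Characteristics of Level 2 | Local Weights of Level 2 | Global Weights of Level 2 |
|---|---|---|---|---|
| T1 | 0.2391 | T11 | 0.3610 | 0.0863 |
| T1 | 0.2391 | T12 | 0.3872 | 0.0926 |
| T1 | 0.2391 | T13 | 0.2516 | 0.0601 |
| T2 | 0.0950 | T21 | 0.0734 | 0.0069 |
| T2 | 0.0950 | T22 | 0.0496 | 0.0047 |
| T2 | 0.0950 | T23 | 0.1032 | 0.0098 |
| T2 | 0.0950 | T24 | 0.1272 | 0.0120 |
| T2 | 0.0950 | T25 | 0.1407 | 0.0133 |
| T2 | 0.0950 | T26 | 0.1731 | 0.0164 |
| T2 | 0.0950 | T27 | 0.0760 | 0.0072 |
| T2 | 0.0950 | T28 | 0.2563 | 0.0243 |
| T3 | 0.1199 | T31 | - | 0.1199 |
| T4 | 0.1032 | T41 | 0.2543 | 0.0262 |
| T4 | 0.1032 | T42 | 0.1301 | 0.0134 |
| T4 | 0.1032 | T43 | 0.2829 | 0.0292 |
| T4 | 0.1032 | T44 | 0.3325 | 0.0343 |
| T5 | 0.4426 | T51 | 0.5193 | 0.2298 |
| T5 | 0.4426 | T52 | 0.4806 | 0.2127 |
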
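As a reproducibility check on Tables 9 and 14, the following added example (not code from the article) recomputes the level-1 priority vector and consistency ratio from the Table 9 matrix by power iteration, measures how far that matrix is from being reciprocal, and multiplies the level-1 weights into the level-2 local weights. The random-index constants are the commonly tabulated Saaty values and are an assumption, as is treating the local weight of T3 as 1.0; the function names are illustrative.

```python
# Added example: values transcribed from Tables 9 and 14 of this article.
TABLE9 = [  # combined pair-wise comparison matrix at level 1 (rows/cols T1..T5)
    [1.0000, 2.5540, 1.7017, 2.4274, 0.5909],
    [0.3914, 1.0000, 0.7964, 0.9706, 0.2070],
    [0.5876, 1.2556, 1.0000, 1.0563, 0.2532],
    [0.4121, 1.0236, 0.9467, 1.0000, 0.2357],
    [1.6686, 4.8239, 3.9495, 4.2427, 1.0000],
]
TABLE9_WEIGHTS = [0.2391, 0.0950, 0.1199, 0.1032, 0.4426]
LEVEL1 = dict(zip(["T1", "T2", "T3", "T4", "T5"], TABLE9_WEIGHTS))

# Table 14: (level-2 local weights, printed global weights) per level-1 item.
# Assumption: T3 has no sub-characteristics, so its local weight is 1.0.
TABLE14 = {
    "T1": ([0.3610, 0.3872, 0.2516], [0.0863, 0.0926, 0.0601]),
    "T2": ([0.0734, 0.0496, 0.1032, 0.1272, 0.1407, 0.1731, 0.0760, 0.2563],
           [0.0069, 0.0047, 0.0098, 0.0120, 0.0133, 0.0164, 0.0072, 0.0243]),
    "T3": ([1.0], [0.1199]),
    "T4": ([0.2543, 0.1301, 0.2829, 0.3325], [0.0262, 0.0134, 0.0292, 0.0343]),
    "T5": ([0.5193, 0.4806], [0.2298, 0.2127]),
}

# Assumption: Saaty's commonly tabulated random consistency index by matrix order.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41}


def principal_eigen(matrix, iterations=100):
    """Power iteration: return (priority vector summing to 1, lambda_max)."""
    n = len(matrix)
    w = [1.0 / n] * n
    lam = float(n)
    for _ in range(iterations):
        aw = [sum(a * x for a, x in zip(row, w)) for row in matrix]
        lam = sum(aw)  # equals lambda_max once w (which sums to 1) has converged
        w = [v / lam for v in aw]
    return w, lam


def consistency_ratio(matrix):
    """C.R. = ((lambda_max - n) / (n - 1)) / RI(n)."""
    n = len(matrix)
    _, lam = principal_eigen(matrix)
    return ((lam - n) / (n - 1)) / RANDOM_INDEX[n]


def max_reciprocity_error(matrix):
    """Largest |a_ij * a_ji - 1|; zero for a perfectly reciprocal matrix."""
    n = len(matrix)
    return max(abs(matrix[i][j] * matrix[j][i] - 1.0)
               for i in range(n) for j in range(i + 1, n))


def global_weight_errors(level1, table14):
    """Per level-1 item: max |level-1 weight * local weight - printed global|."""
    return {name: max(abs(level1[name] * loc - glob)
                      for loc, glob in zip(*table14[name]))
            for name in level1}


if __name__ == "__main__":
    weights, lam = principal_eigen(TABLE9)
    print("weights:", [round(x, 4) for x in weights], "lambda_max:", round(lam, 4))
    print("C.R.:", round(consistency_ratio(TABLE9), 4))
    print("max reciprocity error:", round(max_reciprocity_error(TABLE9), 4))
    print("global weight errors:", global_weight_errors(LEVEL1, TABLE14))
```

The recomputed priorities agree with the Weight column of Table 9 to within 0.001, and the consistency ratio stays far below Saaty's 0.1 acceptance threshold. The largest reciprocity deviation, about 1.4%, comes from the T1/T5 pair (0.5909 × 1.6686).
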
Table 15. Subjective cognition results of evaluators in linguistic terms.

| | HWA1 | HWA2 | HWA3 | HWA4 | HWA5 | HWA6 | HWA7 | HWA8 | HWA9 | HWA10 |
|---|---|---|---|---|---|---|---|---|---|---|
| T11 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 | 4.8200, 6.8200, 8.5500 |
| T12 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 5.1800, 7.1800, 8.9100 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 5.1800, 7.1800, 8.9100 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 2.0900, 3.9100, 5.8200 | 4.0900, 6.0900, 7.9100 |
| T13 | 4.0900, 6.0900, 7.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 |
| T21 | 2.4500, 4.2700, 6.2700 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 5.1800, 7.1800, 8.9100 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 5.1800, 7.1800, 8.9100 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 2.0900, 3.9100, 5.8200 |
| T22 | 4.0900, 6.0900, 7.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 3.0900, 5.0000, 6.8200 |
| T23 | 4.8200, 6.8200, 8.5500 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 5.1800, 7.1800, 8.9100 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 5.1800, 7.1800, 8.9100 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 4.8200, 6.8200, 8.5500 |
| T24 | 4.0900, 6.0900, 7.9100 | 4.0900, 6.0900, 7.9100 | 2.3600, 4.2700, 6.2700 | 2.0900, 3.9100, 5.8200 | 4.0900, 6.0900, 7.9100 | 2.3600, 4.2700, 6.2700 | 2.0900, 3.9100, 5.8200 | 4.0900, 6.0900, 7.9100 | 2.3600, 4.2700, 6.2700 | 4.0900, 6.0900, 7.9100 |
| T25 | 5.1800, 7.1800, 8.9100 | 4.8200, 6.8200, 8.5500 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 |
| T26 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 5.1800, 7.1800, 8.9100 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 5.1800, 7.1800, 8.9100 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 |
| T27 | 4.0900, 6.0900, 7.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 2.3600, 4.2700, 6.2700 |
| T28 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 |
| T31 | 2.4500, 4.2700, 6.2700 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 5.1800, 7.1800, 8.9100 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 5.1800, 7.1800, 8.9100 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 2.0900, 3.9100, 5.8200 |
| T41 | 4.0900, 6.0900, 7.9100 | 4.0900, 6.0900, 7.9100 | 2.3600, 4.2700, 6.2700 | 2.0900, 3.9100, 5.8200 | 4.0900, 6.0900, 7.9100 | 2.3600, 4.2700, 6.2700 | 2.0900, 3.9100, 5.8200 | 4.0900, 6.0900, 7.9100 | 2.3600, 4.2700, 6.2700 | 3.0900, 5.0000, 6.8200 |
| T42 | 4.8200, 6.8200, 8.5500 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 3.0900, 5.0000, 6.8200 | 4.8200, 6.8200, 8.5500 |
| T43 | 4.0900, 6.0900, 7.9100 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 5.1800, 7.1800, 8.9100 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 5.1800, 7.1800, 8.9100 | 4.8200, 6.8200, 8.5500 | 2.0900, 3.9100, 5.8200 | 4.0900, 6.0900, 7.9100 |
| T44 | 5.1800, 7.1800, 8.9100 | 4.0900, 6.0900, 7.9100 | 2.3600, 4.2700, 6.2700 | 2.0900, 3.9100, 5.8200 | 4.0900, 6.0900, 7.9100 | 2.3600, 4.2700, 6.2700 | 2.0900, 3.9100, 5.8200 | 4.0900, 6.0900, 7.9100 | 2.3600, 4.2700, 6.2700 | 5.1800, 7.1800, 8.9100 |
| T51 | 2.4500, 4.2700, 6.2700 | 2.0900, 3.9100, 5.8200 | 4.0900, 6.0900, 7.9100 | 2.0900, 3.9100, 5.8200 | 2.4500, 4.2700, 6.2700 | 2.0900, 3.9100, 5.8200 | 2.4500, 4.2700, 6.2700 | 2.0900, 3.9100, 5.8200 | 4.0900, 6.0900, 7.9100 | 2.0900, 3.9100, 5.8200 |

Table 16. The normalized fuzzy decision matrix.

| | HWA1 | HWA2 | HWA3 | HWA4 | HWA5 | HWA6 | HWA7 | HWA8 | HWA9 | HWA10 |
|---|---|---|---|---|---|---|---|---|---|---|
| T11 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.5200, 0.7400, 0.9400 | 0.5200, 0.7400, 0.9400 | 0.5100, 0.7200, 0.9000 |
| T12 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 |
| T13 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5900, 0.8000, 0.9700 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 |
| T21 | 0.4200, 0.6900, 0.9900 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.1600, 0.4200, 0.7200 | 0.4200, 0.6900, 0.9900 |
| T22 | 0.5200, 0.7400, 0.9400 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 |
| T23 | 0.6000, 0.8100, 1.0000 | 0.5200, 0.7400, 0.9400 | 0.5200, 0.7400, 0.9400 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 |
| T24 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.4300, 0.6400, 0.8600 |
| T25 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 |
| T26 | 0.4200, 0.6900, 0.9900 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 |
| T27 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.5200, 0.7400, 0.9400 | 0.1600, 0.4200, 0.7200 | 0.5700, 0.7800, 0.9600 |
| T28 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 |
| T31 | 0.5200, 0.7400, 0.9400 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 |
| T41 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 |
| T42 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 |
| T43 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.4300, 0.6400, 0.8600 |
| T44 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 |
| T51 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 | 0.5900, 0.8000, 0.9700 | 0.6000, 0.8100, 1.0000 | 0.5000, 0.7100, 0.8900 |
| T52 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 | 0.5200, 0.7400, 0.9400 | 0.4200, 0.6900, 0.9900 | 0.5000, 0.7100, 0.8900 |

Table 17. The weighted normalized fuzzy decision matrix.

| | HWA1 | HWA2 | HWA3 | HWA4 | HWA5 | HWA6 | HWA7 | HWA8 | HWA9 | HWA10 |
|---|---|---|---|---|---|---|---|---|---|---|
| T11 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0090, 0.0300 | 0.0050, 0.0160, 0.0480 | 0.0010, 0.0050, 0.0180 | 0.0020, 0.0070, 0.0240 | 0.0050, 0.0160, 0.0480 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0070, 0.0220 | 0.0020, 0.0070, 0.0240 |
| T12 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0410 | 0.0020, 0.0100, 0.0370 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0090, 0.0300 | 0.0050, 0.0160, 0.0480 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0070, 0.0220 |
| T13 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0420 | 0.0010, 0.0050, 0.0190 | 0.0030, 0.0110, 0.0360 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0410 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0090, 0.0300 | 0.0050, 0.0160, 0.0480 | 0.0010, 0.0050, 0.0180 |
| T21 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0070, 0.0220 | 0.0050, 0.0160, 0.0480 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0420 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0410 | 0.0020, 0.0100, 0.0370 | 0.0010, 0.0050, 0.0180 |
| T22 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0070, 0.0220 | 0.0020, 0.0070, 0.0240 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0420 | 0.0010, 0.0050, 0.0190 | 0.0030, 0.0110, 0.0360 |
| T23 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0050, 0.0160, 0.0480 | 0.0010, 0.0050, 0.0180 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0070, 0.0220 | 0.0050, 0.0160, 0.0480 |
| T24 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0090, 0.0300 | 0.0050, 0.0160, 0.0480 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0090, 0.0300 | 0.0050, 0.0160, 0.0480 | 0.0010, 0.0050, 0.0180 | 0.0020, 0.0070, 0.0220 | 0.0020, 0.0070, 0.0240 |
| T25 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0410 | 0.0020, 0.0100, 0.0370 | 0.0010, 0.0050, 0.0180 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0410 | 0.0020, 0.0100, 0.0370 | 0.0010, 0.0050, 0.0180 | 0.0050, 0.0160, 0.0480 | 0.0010, 0.0050, 0.0180 |
| T26 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0420 | 0.0010, 0.0050, 0.0190 | 0.0030, 0.0110, 0.0360 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0420 | 0.0010, 0.0050, 0.0190 | 0.0030, 0.0110, 0.0360 | 0.0020, 0.0100, 0.0370 | 0.0010, 0.0050, 0.0180 |
| T27 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0090, 0.0300 | 0.0050, 0.0160, 0.0480 | 0.0010, 0.0050, 0.0180 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0070, 0.0220 | 0.0050, 0.0160, 0.0480 | 0.0010, 0.0050, 0.0190 | 0.0030, 0.0110, 0.0360 |
| T28 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0410 | 0.0020, 0.0100, 0.0370 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0090, 0.0300 | 0.0050, 0.0160, 0.0480 | 0.0010, 0.0050, 0.0180 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 |
| T31 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0420 | 0.0010, 0.0050, 0.0190 | 0.0030, 0.0110, 0.0360 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0410 | 0.0020, 0.0100, 0.0370 | 0.0010, 0.0050, 0.0180 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 |
| T41 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0070, 0.0220 | 0.0050, 0.0160, 0.0480 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0420 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0090, 0.0300 | 0.0050, 0.0160, 0.0480 | 0.0010, 0.0050, 0.0180 |
| T42 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0070, 0.0220 | 0.0020, 0.0070, 0.0240 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0410 | 0.0020, 0.0100, 0.0370 | 0.0010, 0.0050, 0.0180 |
| T43 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0090, 0.0300 | 0.0050, 0.0160, 0.0480 | 0.0010, 0.0050, 0.0180 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0420 | 0.0010, 0.0050, 0.0190 | 0.0030, 0.0110, 0.0360 |
| T44 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0410 | 0.0020, 0.0100, 0.0370 | 0.0010, 0.0050, 0.0180 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0070, 0.0220 | 0.0050, 0.0160, 0.0480 |
| T51 | 0.0040, 0.0140, 0.0440 | 0.0030, 0.0120, 0.0420 | 0.0010, 0.0050, 0.0190 | 0.0030, 0.0110, 0.0360 | 0.0030, 0.0110, 0.0360 | 0.0040, 0.0140, 0.0440 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0070, 0.0220 | 0.0020, 0.0070, 0.0240 |
| T52 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0020, 0.0070, 0.0220 | 0.0050, 0.0160, 0.0480 | 0.0010, 0.0050, 0.0180 | 0.0040, 0.0140, 0.0440 | 0.0010, 0.0050, 0.0180 | 0.0000, 0.0020, 0.0090 | 0.0050, 0.0160, 0.0480 | 0.0010, 0.0050, 0.0180 |

Table 18. Closeness coefficients to the aspired level among the different alternatives.

| Alternatives (A) | di+ | di− | Gap Degree of CCi+ | Satisfaction Degree |
|---|---|---|---|---|
| HWA1 | 0.0454 | 0.0268 | 0.3667 | 0.6322 |
| HWA2 | 0.0368 | 0.0345 | 0.4694 | 0.5224 |
| HWA3 | 0.0364 | 0.0421 | 0.5838 | 0.4851 |
| HWA4 | 0.0367 | 0.0259 | 0.4831 | 0.5748 |
| HWA5 | 0.0401 | 0.0468 | 0.5348 | 0.4679 |
| HWA6 | 0.0327 | 0.0477 | 0.6447 | 0.3597 |
| HWA7 | 0.0452 | 0.0265 | 0.3961 | 0.6138 |
| HWA8 | 0.0349 | 0.0433 | 0.5367 | 0.4638 |
| HWA9 | 0.0390 | 0.0468 | 0.5335 | 0.4667 |
| HWA10 | 0.0450 | 0.0265 | 0.3961 | 0.6130 |

Table 19. Sensitivity analysis.
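
| | HWA1 | HWA2 | HWA3 | HWA4 | HWA5 | HWA6 | HWA7 | HWA8 | HWA9 | HWA10 |
|---|---|---|---|---|---|---|---|---|---|---|
| T0 | 0.6322 | 0.5224 | 0.4851 | 0.5748 | 0.4679 | 0.3597 | 0.6138 | 0.4638 | 0.4667 | 0.6130 |
| T11 | 0.6255 | 0.5175 | 0.4742 | 0.5694 | 0.4615 | 0.3593 | 0.6111 | 0.4552 | 0.4615 | 0.6111 |
| T12 | 0.6478 | 0.5275 | 0.4872 | 0.5809 | 0.4710 | 0.3598 | 0.6161 | 0.4712 | 0.4710 | 0.6161 |
| T13 | 0.6442 | 0.5330 | 0.4802 | 0.5869 | 0.4755 | 0.3613 | 0.6191 | 0.4792 | 0.4755 | 0.6191 |
| T21 | 0.6352 | 0.7105 | 0.4928 | 0.5968 | 0.4663 | 0.3703 | 0.6158 | 0.4562 | 0.4663 | 0.6158 |
| T22 | 0.7213 | 0.6141 | 0.5708 | 0.6554 | 0.5543 | 0.4428 | 0.6381 | 0.5487 | 0.5543 | 0.6381 |
| T23 | 0.6740 | 0.5651 | 0.5260 | 0.6121 | 0.5079 | 0.3991 | 0.6508 | 0.4952 | 0.5079 | 0.6508 |
| T24 | 0.6295 | 0.5272 | 0.4810 | 0.5625 | 0.4661 | 0.3541 | 0.6081 | 0.4432 | 0.4661 | 0.6081 |
| T25 | 0.6250 | 0.5311 | 0.4764 | 0.5482 | 0.4659 | 0.3486 | 0.6005 | 0.4382 | 0.4659 | 0.6005 |
| T26 | 0.6449 | 0.5155 | 0.4832 | 0.5769 | 0.4592 | 0.3692 | 0.6141 | 0.4642 | 0.4592 | 0.6141 |
| T27 | 0.6432 | 0.5265 | 0.4847 | 0.5755 | 0.4629 | 0.3648 | 0.6141 | 0.4642 | 0.4629 | 0.6141 |
| T28 | 0.6272 | 0.5025 | 0.4862 | 0.5735 | 0.4702 | 0.3552 | 0.6126 | 0.4622 | 0.4702 | 0.6126 |
| T31 | 0.6196 | 0.4975 | 0.4870 | 0.5725 | 0.4735 | 0.3502 | 0.6116 | 0.4612 | 0.4735 | 0.6116 |
| T41 | 0.7072 | 0.7480 | 0.5647 | 0.6712 | 0.5545 | 0.4422 | 0.6586 | 0.5547 | 0.5545 | 0.6586 |
| T42 | 0.6699 | 0.5545 | 0.5232 | 0.6202 | 0.5085 | 0.4085 | 0.6581 | 0.5087 | 0.5085 | 0.6581 |
| T43 | 0.6742 | 0.5615 | 0.5137 | 0.6859 | 0.5050 | 0.3998 | 0.5821 | 0.5042 | 0.5050 | 0.5821 |
| T44 | 0.7292 | 0.6020 | 0.5532 | 0.6589 | 0.5460 | 0.4418 | 0.6921 | 0.5472 | 0.5460 | 0.6921 |
| T51 | 0.5908 | 0.4821 | 0.4482 | 0.6065 | 0.4291 | 0.3238 | 0.5225 | 0.4050 | 0.4291 | 0.5225 |
| T52 | 0.5908 | 0.4855 | 0.4407 | 0.5364 | 0.4290 | 0.3218 | 0.5761 | 0.4242 | 0.4290 | 0.5761 |
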
Table 20. Comparison of the fuzzy AHP-TOPSIS technique.

| Alternatives | Fuzzy AHP-TOPSIS | Classical AHP-TOPSIS | Classical ANP-TOPSIS | Simple Average Method |
|---|---|---|---|---|
| HWA1 | 0.6322 | 0.6245 | 0.6222 | 0.6202 |
| HWA2 | 0.5224 | 0.5169 | 0.5035 | 0.5130 |
| HWA3 | 0.4851 | 0.4731 | 0.4611 | 0.4727 |
| HWA4 | 0.5748 | 0.5685 | 0.5618 | 0.5639 |
| HWA5 | 0.4679 | 0.4586 | 0.4554 | 0.4575 |
| HWA6 | 0.3597 | 0.3683 | 0.3958 | 0.3583 |
| HWA7 | 0.6138 | 0.6161 | 0.6310 | 0.6071 |
| HWA8 | 0.4638 | 0.4616 | 0.4362 | 0.4482 |
| HWA9 | 0.4667 | 0.4586 | 0.4554 | 0.4575 |
| HWA10 | 0.6130 | 0.6161 | 0.6310 | 0.6071 |

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Attaallah, A.; al-Sulbi, K.; Alasiry, A.; Marzougui, M.; Ansar, S.A.; Agrawal, A.; Ansari, M.T.J.; Khan, R.A. Fuzzy-Based Unified Decision-Making Technique to Evaluate Security Risks: A Healthcare Perspective. Mathematics 2023, 11, 2554. https://doi.org/10.3390/math11112554
