Cybersecurity Framework Prioritization for Healthcare Organizations Using a Novel Interval-Valued Pythagorean Fuzzy CRITIC

Cybersecurity is the discipline of defending systems, networks, and programs against digital assaults intended to gain access to, alter, or delete sensitive data, or disrupt regular business activities. With the transformation of digitalization, information on the internet becomes vulnerable to cyber attacks, and healthcare organizations have a critical importance in this regard. Digital healthcare technology is widely used across the world, and the security of healthcare data and equipment is a growing problem since medical equipment has been exposed to new cybersecurity risks as its access to current computer networks has increased. However, the cybersecurity frameworks offered provide a generic framework for all organizations, and prioritizing the categories within the framework for the healthcare organization is critical in terms of developing an effective security policy. In this study, an internationally accepted cybersecurity framework is evaluated by health experts, and the framework is prioritized for the use by healthcare organizations. Since such a task is carried out on linguistic expressions and experts may be uncertain about some of the categories, there is a need for a model that both converts linguistic expressions into numerical measurable form while comprehensively addressing the vagueness. For this purpose, a novel interval-valued Pythagorean fuzzy CRiteria Importance Through Intercriteria Correlation (CRITIC) method has been developed for ranking the categories within each domain of the National Institute for Standards and Technology (NIST) cybersecurity framework for the use of healthcare organizations. A sensitivity analysis, theoretical and practical consequences, and future research recommendations are also provided within the study.