COMPREHENSIVE INFORMATION SECURITY MODEL OF A CLOUD MEDICAL MANAGEMENT SYSTEM
DOI:
https://doi.org/10.32782/mathematical-modelling/2025-8-2-26Keywords:
information security, cloud technologies, medical service management, Analytic Hierarchy Process (AHP), cryptographic protection, access control (RBAC), data integrity, scalability, monitoring system, personal data protectionAbstract
A comprehensive problem of ensuring information security in modern cloud-based medical information systems implementing algorithmic management of medical services based on data analysis and automated decision-making procedures has been investigated. It is shown that the growing volume of medical data, the active adoption of telemedicine, mobile services, and integrated electronic health records require the development of secure, scalable, and cyberattack-resistant architectures. It is substantiated that traditional cybersecurity approaches do not provide an adequate level of resilience under dynamic workloads and insider threats, nor do they account for the specific features of algorithmic management, where the integrity of decision-making parameters is critical. A model for integrating security mechanisms directly into the decision-making logic, built on the Analytic Hierarchy Process (AHP), is proposed. A classification of medical data based on criticality, considering their influence on clinical and administrative decision outcomes, is justified. Key threats to cloud-based medical systems are identified, including modification of AHP weights, replay attacks, API compromise, unauthorized cache access, database query substitution, credential leakage, and event log tampering. Based on these findings, a set of principles for designing a secure architecture is formulated, incorporating a role-based access control (RBAC) model, multi-level logging, AES-256 cryptographic data protection, integrity monitoring, cache lifetime restrictions, as well as the deployment of monitoring and automated incident response systems. Examples of implementing security mechanisms in Redis and PostgreSQL environments are provided, demonstrating the practical feasibility of applying the proposed model in cloud infrastructures with high scalability requirements. It is shown that integrating security at the level of decision-making algorithms increases trust in automated systems, ensures the integrity and confidentiality of medical information, and significantly reduces the risks of insider and external attacks. The proposed concept may serve as a foundation for developing new generations of secure cloud solutions in healthcare and for further advancing regulatory requirements for the protection of medical data..
References
Griebel L., Prokosch H.-U., Köpcke F., et al. A scoping review of cloud computing in healthcare. BMC Medical Informatics and Decision Making. 2015. Vol. 15. Article 17. DOI: 10.1186/s12911-015-0145-7.
Gao F., Sunyaev A. Context Matters: A review of the determinant factors in the decision to adopt cloud computing in healthcare. International Journal of Information Management. 2019. Vol. 48. P. 120–138.
Putzier M., Kuhlmann L., Müller M., et al. Implementation of cloud computing in the German healthcare system. npj Digital Medicine. 2024. Vol. 7. Article 12.
Moumtzi G., Mavridis I., Vergidis K. A security framework for healthcare cloud computing. International Journal of Reliable and Quality E-Healthcare. 2015. Vol. 4. No. 2. P. 1–12.
Al-Dmour A., Al-Dmour R., Shannak R. The effect of cloud computing on improving the quality of healthcare services. Journal of Theoretical and Applied Information Technology. 2020. Vol. 98. No. 23. P. 3807–3820.
Javaid M., Haleem A., Singh R.P., Khan S., Suman R. Evolutionary trends in progressive cloud computing based healthcare: Ideas, enablers, and barriers. International Journal of Cognitive Computing in Engineering. 2022. Vol. 3. P. 124–135.
Kuo A.M. Opportunities and challenges of cloud computing to improve health care services. Journal of Medical Internet Research. 2011. Vol. 13. No. 3. e67.
Sajid A., Abbas H. Data Privacy in Cloud-assisted Healthcare Systems: State of the Art and Future Challenges. Journal of Medical Systems. 2016. Vol. 40. No. 6. Article 155.
Chenthara S., Ahmed K., Wang H., Whittaker F. Security and Privacy-Preserving Challenges of e-Health Solutions in Cloud Computing. IEEE Access. 2019. Vol. 7. P. 74361–74382.
Dolan J.G. Shared decision-making – transferring research into practice: The Analytic Hierarchy Process (AHP). Patient Education and Counseling. 2008. Vol. 73. No. 3. P. 418–425.
Saaty T.L. The Analytic Hierarchy Process: Planning, Priority Setting, Resource Allocation. New York : McGraw-Hill, 1980.
