Towards a maturity model for health-care cloud security (M2HCS)

Purpose The purpose of this paper is to propose a novel maturity model for health-care cloud security ((MHCS)-H-2), which focuses on assessing cyber security in cloud-based health-care environments by incorporating the sub-domains of health-care cyber security practices and introducing health-care-specific cyber security metrics. This study aims to expand the domain of health-care cyber security maturity model by including cloud-specific aspects than is usually seen in the literature. Design/methodology/approach The intended use of the proposed model was demonstrated using the evaluation method - "construct validity test" as the paper's aim was to assess the final model and the output of the valuation. The study involved a literature-based case study of a national health-care foundation trust with an overall view because the model is assessed for the entire organisation. The data were complemented by examination of hospitals' cyber security internal processes through web-accessible documents, and identified relevant literature. Findings The paper provides awareness about how organisational-related challenges have been identified as a main inhibiting factor for the adoption of cloud computing in health care. Regardless of the remunerations of cloud computing, its security maturity and levels of adoption varies, especially in health care. Maturity models provide a structure towards improving an organisation's capabilities. It suggests that although several cyber security maturity models and standards resolving specific threats exist, there is a lack of maturity models for cloud-based health-care security. Originality/value The paper fulfils a recognised requirement for security maturity model focussed on health-care cloud. It could be extended to resolve evolving cyber settings.