Cloud computing model brought many technical and economic benefits, however, there are many security issues. Most of the common traditional information security risk assessment methods such as ISO27005, NIST SP800-30 and AS/NZS 4360 are not fit for the cloud computing environment. Therefore, this study applies medical research approach to assess the information security threats in the cloud computing environment. This study has been conducted as a retrospective cohort study and the collected data has been analyzed by using the survival analysis method. The study has been conducted on the software as a service (SaaS) environment that has more than one thousand and seven hundred cloud customers. The survival analysis method is used to measure the significance of the risk factor level. The information security threats have been categorized into twenty-two categories. This study has proven that the medical research approach can be used to assess the security risk assessment in cloud computing environment to overcome the weaknesses that accompany the usage of the traditional information security risk assessment methods in cloud computing environment.