De-Anonymization of Health Data: A Survey of Practical Attacks, Vulnerabilities and Challenges

Hamza Aguelal; Paolo Palmieri

doi:10.5220/0013274200003899

De-Anonymization of Health Data: A Survey of Practical Attacks, Vulnerabilities and Challenges

Hamza Aguelal
, Paolo Palmieri

University College Cork

Research output: Contribution to journal › Article › peer-review

Abstract

Health data ranks among the most sensitive personal information disclosing serious details about individuals. Although anonymization is used, vulnerabilities persist, leading to de-anonymization and privacy risks highlighted by regulations like the General Data Protection Regulation (GDPR). This survey examines deanonymization attacks on health datasets, focusing on methodologies employed, data targeted, and the effectiveness of current anonymization practices. Unlike previous surveys that lack consensus on essential empirical questions, we provide a comprehensive summary of practical attacks, offering a more logical perspective on real-world risk. Our investigation systematically categorizes these practical attacks, revealing insights into success rates, generality and reproducibility, new analytics used, and the specific vulnerabilities they exploit. The study covers health-related datasets, including medical records, genomic data, electrocardiograms (ECGs), and neuroimaging, highlighting the need for more robust anonymization. Significant challenges remain in the literature despite existing reviews. We advocate for stronger data safeness by improving anonymization methods and advancing research on de-anonymization and assessment within healthcare.

Original language	English
Pages (from-to)	595-605
Number of pages	11
Journal	International Conference on Information Systems Security and Privacy
Volume	2
DOIs	https://doi.org/10.5220/0013274200003899
Publication status	Published - 2025
Event	11th International Conference on Information Systems Security and Privacy, ICISSP 2025 - Porto, Portugal Duration: 20 Feb 2025 → 22 Feb 2025

Keywords

Anonymity
Anonymization Assessment
Data Privacy
De-Anonymization Attacks
Health Data Protection

Access to Document

10.5220/0013274200003899

https://hdl.handle.net/10468/17565Licence: CC BY-NC-ND

Cite this

@article{3fd8060675b3436ba82beadf97ccaf5f,

title = "De-Anonymization of Health Data: A Survey of Practical Attacks, Vulnerabilities and Challenges",

abstract = "Health data ranks among the most sensitive personal information disclosing serious details about individuals. Although anonymization is used, vulnerabilities persist, leading to de-anonymization and privacy risks highlighted by regulations like the General Data Protection Regulation (GDPR). This survey examines deanonymization attacks on health datasets, focusing on methodologies employed, data targeted, and the effectiveness of current anonymization practices. Unlike previous surveys that lack consensus on essential empirical questions, we provide a comprehensive summary of practical attacks, offering a more logical perspective on real-world risk. Our investigation systematically categorizes these practical attacks, revealing insights into success rates, generality and reproducibility, new analytics used, and the specific vulnerabilities they exploit. The study covers health-related datasets, including medical records, genomic data, electrocardiograms (ECGs), and neuroimaging, highlighting the need for more robust anonymization. Significant challenges remain in the literature despite existing reviews. We advocate for stronger data safeness by improving anonymization methods and advancing research on de-anonymization and assessment within healthcare.",

keywords = "Anonymity, Anonymization Assessment, Data Privacy, De-Anonymization Attacks, Health Data Protection",

author = "Hamza Aguelal and Paolo Palmieri",

note = "Publisher Copyright: {\textcopyright} 2025 by SCITEPRESS – Science and Technology Publications, Lda.; 11th International Conference on Information Systems Security and Privacy, ICISSP 2025 ; Conference date: 20-02-2025 Through 22-02-2025",

year = "2025",

doi = "10.5220/0013274200003899",

language = "English",

volume = "2",

pages = "595--605",

journal = "International Conference on Information Systems Security and Privacy",

issn = "2184-4356",

publisher = "Science and Technology Publications, Lda",

}

TY - JOUR

T1 - De-Anonymization of Health Data

T2 - 11th International Conference on Information Systems Security and Privacy, ICISSP 2025

AU - Aguelal, Hamza

AU - Palmieri, Paolo

PY - 2025

Y1 - 2025

N2 - Health data ranks among the most sensitive personal information disclosing serious details about individuals. Although anonymization is used, vulnerabilities persist, leading to de-anonymization and privacy risks highlighted by regulations like the General Data Protection Regulation (GDPR). This survey examines deanonymization attacks on health datasets, focusing on methodologies employed, data targeted, and the effectiveness of current anonymization practices. Unlike previous surveys that lack consensus on essential empirical questions, we provide a comprehensive summary of practical attacks, offering a more logical perspective on real-world risk. Our investigation systematically categorizes these practical attacks, revealing insights into success rates, generality and reproducibility, new analytics used, and the specific vulnerabilities they exploit. The study covers health-related datasets, including medical records, genomic data, electrocardiograms (ECGs), and neuroimaging, highlighting the need for more robust anonymization. Significant challenges remain in the literature despite existing reviews. We advocate for stronger data safeness by improving anonymization methods and advancing research on de-anonymization and assessment within healthcare.

AB - Health data ranks among the most sensitive personal information disclosing serious details about individuals. Although anonymization is used, vulnerabilities persist, leading to de-anonymization and privacy risks highlighted by regulations like the General Data Protection Regulation (GDPR). This survey examines deanonymization attacks on health datasets, focusing on methodologies employed, data targeted, and the effectiveness of current anonymization practices. Unlike previous surveys that lack consensus on essential empirical questions, we provide a comprehensive summary of practical attacks, offering a more logical perspective on real-world risk. Our investigation systematically categorizes these practical attacks, revealing insights into success rates, generality and reproducibility, new analytics used, and the specific vulnerabilities they exploit. The study covers health-related datasets, including medical records, genomic data, electrocardiograms (ECGs), and neuroimaging, highlighting the need for more robust anonymization. Significant challenges remain in the literature despite existing reviews. We advocate for stronger data safeness by improving anonymization methods and advancing research on de-anonymization and assessment within healthcare.

KW - Anonymity

KW - Anonymization Assessment

KW - Data Privacy

KW - De-Anonymization Attacks

KW - Health Data Protection

UR - https://www.scopus.com/pages/publications/105001709979

U2 - 10.5220/0013274200003899

DO - 10.5220/0013274200003899

M3 - Article

AN - SCOPUS:105001709979

SN - 2184-4356

VL - 2

SP - 595

EP - 605

JO - International Conference on Information Systems Security and Privacy

JF - International Conference on Information Systems Security and Privacy

Y2 - 20 February 2025 through 22 February 2025

ER -

De-Anonymization of Health Data: A Survey of Practical Attacks, Vulnerabilities and Challenges

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this