TY - GEN
T1 - ECG De-Anonymization
T2 - 38th IEEE International Symposium on Computer-Based Medical Systems, CBMS 2025
AU - Aguelal, Hamza
AU - Palmieri, Paolo
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - The growing use of patient data in research underscores its value (for instance, in training AI). It also highlights the need for strong anonymization when health datasets are released publicly due to the risk of de-anonymization attacks. Electrocardiograms (ECG) are widely used, and real patient data have been openly released anonymously. However, ECGs are susceptible to linkage attacks, raising concerns around privacy, non-compliance with regulations such as the General Data Protection Regulation (GDPR), and loss of trust in digital healthcare. In this paper, we present a novel lightweight de-anonymization linkage attack on ECGs, and discuss benchmarking routes and an inclusive privacy protection framework that can be used in mitigating de-anonymization risks. The proposed matching attack leverages Convolutional Neural Networks (CNN)-based and ECGspecific features, and was tested on three open datasets: ECGID, MIMIC-IV and MIT-BIH. Unlike authentication-focused works, our study evaluates re-identification from an adversarial perspective, quantifying the risk on anonymized datasets based on metrics that establish a benchmarking baseline. Experimental results demonstrate an average matching accuracy of 97.22%, and nearly 100% for the best result, on the MIT-BIH dataset, for which previous results exist in the literature. Our results are substantially higher than the previous best-performing attack, which achieved an 81.9% accuracy. Consistent results on the two other datasets demonstrate the generality of our approach. The attack emphasizes evaluating de-anonymization risks before publicly releasing datasets. Based on our findings, we formalize recommendations into a new privacy-by-design framework resilient against real-world de-anonymization attacks, including inclusive processes to guide stakeholders in assessing requirements and offering insights into privacy metrics and improvement axes.
AB - The growing use of patient data in research underscores its value (for instance, in training AI). It also highlights the need for strong anonymization when health datasets are released publicly due to the risk of de-anonymization attacks. Electrocardiograms (ECG) are widely used, and real patient data have been openly released anonymously. However, ECGs are susceptible to linkage attacks, raising concerns around privacy, non-compliance with regulations such as the General Data Protection Regulation (GDPR), and loss of trust in digital healthcare. In this paper, we present a novel lightweight de-anonymization linkage attack on ECGs, and discuss benchmarking routes and an inclusive privacy protection framework that can be used in mitigating de-anonymization risks. The proposed matching attack leverages Convolutional Neural Networks (CNN)-based and ECGspecific features, and was tested on three open datasets: ECGID, MIMIC-IV and MIT-BIH. Unlike authentication-focused works, our study evaluates re-identification from an adversarial perspective, quantifying the risk on anonymized datasets based on metrics that establish a benchmarking baseline. Experimental results demonstrate an average matching accuracy of 97.22%, and nearly 100% for the best result, on the MIT-BIH dataset, for which previous results exist in the literature. Our results are substantially higher than the previous best-performing attack, which achieved an 81.9% accuracy. Consistent results on the two other datasets demonstrate the generality of our approach. The attack emphasizes evaluating de-anonymization risks before publicly releasing datasets. Based on our findings, we formalize recommendations into a new privacy-by-design framework resilient against real-world de-anonymization attacks, including inclusive processes to guide stakeholders in assessing requirements and offering insights into privacy metrics and improvement axes.
KW - Anonymity
KW - De-Anonymization Attack
KW - Electrocardiogram (ECG)
KW - Privacy-by-design
KW - Risk Assessment
UR - https://www.scopus.com/pages/publications/105010625069
U2 - 10.1109/CBMS65348.2025.00095
DO - 10.1109/CBMS65348.2025.00095
M3 - Conference proceeding
AN - SCOPUS:105010625069
T3 - Proceedings - IEEE Symposium on Computer-Based Medical Systems
SP - 449
EP - 456
BT - Proceedings - 2025 IEEE 38th International Symposium on Computer-Based Medical Systems, CBMS 2025
A2 - Rodriguez-Gonzalez, Alejandro
A2 - Sicilia, Rosa
A2 - Prieto-Santamaria, Lucia
A2 - Papadopoulos, George A.
A2 - Guarrasi, Valerio
A2 - Cazzolato, Mirela Teixeira
A2 - Kane, Bridget
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 18 June 2025 through 20 June 2025
ER -