Linkage Attacks Expose Identity Risks in Public ECG Data Sharing
By: Ziyu Wang , Elahe Khatibi , Farshad Firouzi and more
Potential Business Impact:
Finds people in heart data, even with secrets.
The increasing availability of publicly shared electrocardiogram (ECG) data raises critical privacy concerns, as its biometric properties make individuals vulnerable to linkage attacks. Unlike prior studies that assume idealized adversarial capabilities, we evaluate ECG privacy risks under realistic conditions where attackers operate with partial knowledge. Using data from 109 participants across diverse real-world datasets, our approach achieves 85% accuracy in re-identifying individuals in public datasets while maintaining a 14.2% overall misclassification rate at an optimal confidence threshold, with 15.6% of unknown individuals misclassified as known and 12.8% of known individuals misclassified as unknown. These results highlight the inadequacy of simple anonymization techniques in preventing re-identification, demonstrating that even limited adversarial knowledge enables effective identity linkage. Our findings underscore the urgent need for privacy-preserving strategies, such as differential privacy, access control, and encrypted computation, to mitigate re-identification risks while ensuring the utility of shared biosignal data in healthcare applications.
Similar Papers
TransECG: Leveraging Transformers for Explainable ECG Re-identification Risk Analysis
Signal Processing
Finds private heart signals to protect patient data.
Privacy Risk Predictions Based on Fundamental Understanding of Personal Data and an Evolving Threat Landscape
Machine Learning (CS)
Shows how one data leak can cause others.
ECG Identity Authentication in Open-set with Multi-model Pretraining and Self-constraint Center & Irrelevant Sample Repulsion Learning
Cryptography and Security
Identifies people by their heartbeats, even strangers.