ECG de-anonymization: real-world risks and a privacy-by-design mitigation strategy
Date
2025-07-04
Authors
Aguelal, Hamza
Palmieri, Paolo
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Abstract
The growing use of patient data in research underscores its value (for instance, in training AI). It also highlights the need for strong anonymization when health datasets are released publicly due to the risk of de-anonymization attacks. Electrocardiograms (ECG) are widely used, and real patient data have been openly released anonymously. However, ECGs are susceptible to linkage attacks, raising concerns around privacy, non-compliance with regulations such as the General Data Protection Regulation (GDPR), and loss of trust in digital healthcare. In this paper, we present a novel lightweight de-anonymization linkage attack on ECGs, and discuss benchmarking routes and an inclusive privacy protection framework that can be used in mitigating de-anonymization risks. The proposed matching attack leverages Convolutional Neural Networks (CNN)-based and ECG-specific features, and was tested on three open datasets: ECGID, MIMIC-IV and MIT-BIH. Unlike authentication-focused works, our study evaluates re-identification from an adversarial perspective, quantifying the risk on anonymized datasets based on metrics that establish a benchmarking baseline. Experimental results demonstrate an average matching accuracy of 97.22%, and nearly 100% for the best result, on the MIT-BIH dataset, for which previous results exist in the literature. Our results are substantially higher than the previous best-performing attack, which achieved an 81.9% accuracy. Consistent results on the two other datasets demonstrate the generality of our approach. The attack emphasizes evaluating de-anonymization risks before publicly releasing datasets. Based on our findings, we formalize recommendations into a new privacy-by-design framework resilient against real-world de-anonymization attacks, including inclusive processes to guide stakeholders in assessing requirements and offering insights into privacy metrics and improvement axes.
Keywords
De-anonymization attack, Electrocardiogram (ECG), Anonymity, Risk assessment, Privacy-by-design
Citation
Aguelal, H. and Palmieri, P. (2025) ‘ECG de-anonymization: real-world risks and a privacy-by-design mitigation strategy’, IEEE 38th International Symposium on Computer-Based Medical Systems (CBMS). Madrid, Spain: IEEE, pp. 449–456. https://doi.org/10.1109/CBMS65348.2025.00095
Copyright
© 2025, IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
