Linkage Attacks Expose Identity Risks in Public ECG Data Sharing
This addresses privacy concerns for individuals whose biometric ECG data is publicly shared, showing that current anonymization is inadequate.
The paper tackles the problem of identity risks in publicly shared ECG data by evaluating linkage attacks under realistic adversarial conditions, achieving 85% accuracy in re-identifying individuals with a 14.2% overall misclassification rate.
The increasing availability of publicly shared electrocardiogram (ECG) data raises critical privacy concerns, as its biometric properties make individuals vulnerable to linkage attacks. Unlike prior studies that assume idealized adversarial capabilities, we evaluate ECG privacy risks under realistic conditions where attackers operate with partial knowledge. Using data from 109 participants across diverse real-world datasets, our approach achieves 85% accuracy in re-identifying individuals in public datasets while maintaining a 14.2% overall misclassification rate at an optimal confidence threshold, with 15.6% of unknown individuals misclassified as known and 12.8% of known individuals misclassified as unknown. These results highlight the inadequacy of simple anonymization techniques in preventing re-identification, demonstrating that even limited adversarial knowledge enables effective identity linkage. Our findings underscore the urgent need for privacy-preserving strategies, such as differential privacy, access control, and encrypted computation, to mitigate re-identification risks while ensuring the utility of shared biosignal data in healthcare applications.