Publicly shared electrocardiogram (ECG) data pose significant re-identification risks due to the biometric uniqueness of cardiac signals, particularly under linkage attacks leveraging partial auxiliary information (e.g., age, sex, heart rate range)—a realistic yet understudied threat model. Method: We systematically evaluate ECG re-identifiability using a multi-source real-world dataset comprising 109 subjects, proposing a quantitative framework that integrates biometric matching, confidence-weighted scoring, and statistical classification to delineate privacy leakage boundaries across varying confidence thresholds. Contribution/Results: Experiments demonstrate that conventional anonymization fails to mitigate such attacks: at 85% re-identification accuracy, the overall misclassification rate is merely 14.2%, confirming high efficacy even with limited prior knowledge. This work exposes fundamental limitations of ECG de-identification, establishing an empirical benchmark and methodological foundation for privacy-preserving biomedical signal sharing.

The increasing availability of publicly shared electrocardiogram (ECG) data raises critical privacy concerns, as its biometric properties make individuals vulnerable to linkage attacks. Unlike prior studies that assume idealized adversarial capabilities, we evaluate ECG privacy risks under realistic conditions where attackers operate with partial knowledge. Using data from 109 participants across diverse real-world datasets, our approach achieves 85% accuracy in re-identifying individuals in public datasets while maintaining a 14.2% overall misclassification rate at an optimal confidence threshold, with 15.6% of unknown individuals misclassified as known and 12.8% of known individuals misclassified as unknown. These results highlight the inadequacy of simple anonymization techniques in preventing re-identification, demonstrating that even limited adversarial knowledge enables effective identity linkage. Our findings underscore the urgent need for privacy-preserving strategies, such as differential privacy, access control, and encrypted computation, to mitigate re-identification risks while ensuring the utility of shared biosignal data in healthcare applications.