Federated learning (FL) is gaining popularity in the medical domain for analyzing medical images, where it is considered an effective technique for safeguarding sensitive patient data and complying with privacy regulations. However, several recent studies have revealed that the default settings of FL may leak private training data under privacy attacks. It is still unclear whether and to what extent such privacy risks of FL exist in the medical domain and, if so, how to mitigate them. In this paper, first, we propose a holistic framework for Medical data Privacy risk analysis and mitigation in Federated Learning (MedPFL) to analyze privacy risks and develop effective mitigation strategies in FL for protecting private medical data. Second, we demonstrate the substantial privacy risks of using FL to process medical images, where adversaries can easily perform privacy attacks to reconstruct private medical images accurately. Third, we show that the defense approach of adding random noise may not always work effectively to protect medical images against privacy attacks in FL, which poses unique and pressing challenges associated with medical data for privacy protection.