Privacy Leakage in Federated Learning in Radiology Reports: A Comparative Evaluation of Tokenizer-Driven Privacy Risks
Jul 17, 2026
A preprint study evaluated privacy risks in federated learning for radiology reports, showing that gradient inversion attacks can reconstruct up to 44% of sentences exactly, depending on the tokenizer used. RadBERT enabled the highest recovery of clinical terms (18.1%), but no tokenizer fully prevented information leakage. The findings indicate that tokenizer choice affects privacy risk, and that additional safeguards are needed for regulatory compliance.
Why it matters: This work highlights that federated learning for clinical text is vulnerable to privacy leakage, and that tokenizer design is a critical factor in mitigating these risks.
Full story at: arXiv Cryptography and Security ↗