Embedding-Space Data Augmentation to Prevent Membership Inference Attacks in Clinical Time Series Forecasting

Balancing strong privacy guarantees with high predictive performance is critical for time series forecasting ({TSF}) tasks involving Electronic Health Records ({EHR}). In this study, we explore how data augmentation can mitigate Membership Inference Attacks ({MIA}) on {TSF} models. We show that retraining with synthetic data can substantially reduce the effectiveness of loss-based {MIA}s by reducing the attacker’s true-positive to false-positive ratio. The key challenge is generating synthetic samples that closely resemble the original training data to confuse the attacker, while also introducing enough novelty to enhance the model’s ability to generalize to unseen data. We examine multiple augmentation strategies — Zeroth-Order Optimization ({ZOO}), a variant of {ZOO} constrained by Principal Component Analysis ({ZOO-PCA}), and {MixUp} — to strengthen model resilience without sacrificing accuracy. Our experimental results show that {ZOO-PCA} yields the best reductions in {TPR/FPR} ratio for {MIA} attacks without sacrificing performance on test data.