AI in Medical Imaging: A New Privacy Risk for Patients
Artificial intelligence is increasingly used to help radiologists interpret X-rays, CT scans, and MRIs. It can spot patterns that human eyes might miss and speed up diagnosis. But as AI becomes more embedded in medical imaging, a less discussed issue is emerging: new privacy and security risks for patients. Recent reports from the Radiological Society of North America (RSNA) warn about deepfake medical images and vulnerabilities in large language models (LLMs) that could put your health data at risk.
What Happened
In March 2026, researchers presented findings at the RSNA showing that deepfake X-rays can fool both human radiologists and AI diagnostic systems. The study showed that manipulated images—created using generative adversarial networks (GANs)—were so convincing that even experienced specialists could not reliably tell them apart from real scans. The implications go beyond simple forgery: a fake X-ray could lead to a wrong diagnosis or unnecessary treatment, or be used for fraud.
Earlier, in May 2025, an RSNA special report highlighted cybersecurity threats specifically tied to LLMs in radiology. These models, which power many AI tools in hospitals, can be exploited by attackers to extract, alter, or leak patient data. The report noted that LLMs might inadvertently expose sensitive information if not properly secured. Together, these findings point to a growing blind spot in medical data protection.
Why It Matters
For patients, the risks are not hypothetical. Your medical images contain far more than what is visible to the naked eye. AI can often infer race, sex, age, and even certain genetic conditions from a scan—information you may never have explicitly shared. If a malicious actor gains access to these images, they could use that data to discriminate, blackmail, or commit identity theft.
Deepfake X-rays add another layer. Imagine a scenario where an attacker alters a scan to show a tumor that does not exist. The patient could receive invasive, unnecessary procedures—or an insurer could deny coverage based on a fabricated finding. On the flip side, a fake “clear” scan could hide a real condition, delaying treatment with serious consequences.
Hospitals and imaging centers are already frequent targets for cyberattacks. As AI tools are integrated into the workflow, the attack surface grows. A breach of an AI system could expose not just a few images but entire databases of patient scans. And because medical images are often stored in digital archives for years, a single leak can have lasting effects.
What Readers Can Do
While you cannot eliminate all risks, there are practical steps you can take to protect your medical images:
Ask about security practices. When you schedule an imaging exam, ask the facility how they protect digital data. Inquire whether they use encryption for storage and transmission, and whether they have a process for regularly auditing AI systems.
Read consent forms carefully. Some imaging centers include broad data-sharing clauses that allow your scans to be used for AI training or research. If you are uncomfortable with this, ask if you can opt out without affecting your care. In many cases, you have that right.
Limit unnecessary scans. Every imaging study creates a new digital file that enters the system. While no one should avoid a needed exam, discuss with your doctor whether a scan is truly warranted. Fewer scans mean fewer copies of your data floating around.
Check your provider’s breach history. Look up your healthcare provider’s record of data breaches (sites like the U.S. Department of Health and Human Services breach portal list them). If they have had multiple incidents, consider whether you can choose another facility.
Support stronger regulations. Cybersecurity standards for medical imaging AI are still evolving. Write to your elected representatives or healthcare providers encouraging them to adopt frameworks like the NIST AI Risk Management Framework. Public pressure helps drive better protections.
It is important to note that no current system is perfectly secure. Researchers are still working on ways to detect deepfake medical images, and most hospitals are still adapting to these threats. Staying informed is your best first line of defense.