AI in Medical Imaging: A Privacy Risk You Need to Know About
Artificial intelligence can now analyze X-rays, MRIs, and CT scans faster than many radiologists. It catches subtle findings that human eyes might miss, and in some cases it can even predict disease before symptoms appear. But the same technology that improves diagnosis also creates new privacy risks for patients. As AI becomes a standard part of radiology, the sensitive data inside medical images is being handled in ways most people are not aware of.
What happened
In May 2025, the Radiological Society of North America (RSNA) published a special report highlighting cybersecurity threats involving large language models (LLMs) in radiology. The report warned that AI chatbots and other LLM-powered tools, when integrated into medical imaging workflows, could be exploited to extract or leak patient data. Around the same time, researchers demonstrated that AI tools can pull body composition data from routine chest X-rays—going far beyond the original purpose of the exam. A simple lung scan can now reveal a patient’s muscle mass, fat distribution, and other biometric markers that were never part of the clinical order.
These developments show that medical images are no longer just pictures. They are rich data sets that, once fed into AI systems, can be analyzed, stored, shared, and potentially misused.
Why it matters
The privacy risks here are not theoretical. Medical images contain identifiers that can be stripped (DICOM tags with name, date of birth, etc.), but AI can often re-identify people using patterns in the image itself—bone structure, unique anatomical features, or even the patient’s own scan history. When images are sent to third-party AI models in the cloud, the data may cross borders or be retained by vendors without clear patient consent. And as LLM tools become common in healthcare, they introduce new attack surfaces: a chatbot trained on radiology reports could be tricked into revealing protected health information.
For patients, the consequences range from insurance discrimination to identity theft. A 2023 study found that medical data on the dark web sells for 10 to 20 times the price of credit card numbers. Once your scan is exposed, you cannot exactly change your lung shape or your bone density.
What readers can do
You do not need to refuse medical imaging to protect your privacy. Here are practical steps:
- Ask about data handling. Before an imaging exam, ask the facility where your images will be stored and whether any AI tools are used. If the AI is cloud-based, ask whether the data is de-identified and where it is stored.
- Read the consent form. Look for language about data sharing, research, and third-party algorithms. If it is vague, ask for clarification. You have the right to opt out of non‑clinical uses of your data.
- Request anonymization. Ask whether your images can be stripped of all metadata before being sent to any AI system. Not all facilities offer this, but it is worth asking.
- Keep your own records. Request a copy of your images and report. That way you have a baseline if a breach occurs, and you can check who has accessed your data.
- Be wary of online AI tools. Do not upload your radiology images to free online AI services. Many are unregulated, and you lose control of the data immediately.
What the healthcare industry is doing
Hospital systems and radiology groups are beginning to take these risks more seriously. The RSNA itself has formed working groups on AI ethics and cybersecurity. Some imaging centers now require contracts with AI vendors that include data localisation, periodic audits, and deletion after processing. But adoption is uneven. Smaller clinics may lack the resources to vet AI tools, and patients often have no easy way to compare facilities on privacy practices.
Sources
- RSNA Special Report on LLM Cybersecurity Threats in Radiology (May 2025)
- RSNA research: AI Tool Extracts Body Composition Data from Routine Chest X‑Rays (May 2026)
- Industry analysis on medical data breach costs (Ponemon Institute, 2023)