AI in Medical Imaging Raises New Privacy Risks – What Patients Need to Know

If you’ve ever had an X-ray, MRI, or CT scan, your medical images are part of a rapidly digitizing system. Hospitals now routinely use artificial intelligence to help radiologists detect tumors, fractures, and other abnormalities faster. But a recent report from the Radiological Society of North America (RSNA) warns that the same AI tools are opening a Pandora’s box of privacy risks—risks that go beyond the usual concerns about data breaches.

What happened

At the RSNA 2025 annual meeting, researchers presented a series of studies highlighting how AI introduces new vulnerabilities in medical imaging. The headline concern: medical images that were once considered anonymous can now be re-identified using AI algorithms. Even after removing names and dates, the images themselves contain enough unique features—bone structure, blood vessel patterns, even the shape of a person’s skull—to link a scan back to a specific patient.

Separate research, also presented at RSNA, demonstrated that AI can generate fake X-rays—so-called “deepfake” medical images—that fool both radiologists and diagnostic AI systems. In one study, fabricated chest X-rays were inserted into real patient datasets without detection. The implications for insurance fraud, medical records tampering, and even blackmail are concerning.

Why it matters for patients

Most people assume their medical images are safely de-identified when used for research or AI training. That assumption is no longer reliable. Studies show that re-identification attacks succeed on anonymized scans with alarming accuracy, especially when a malicious actor already has access to a patient’s public photos or other biometric data.

The risks are concrete:

  • Identity theft. A patient’s name and health history can be reconstructed from imaging metadata (like DICOM headers) that often isn’t fully stripped.
  • Manipulated records. Deepfake X-rays could be used to falsely claim a condition existed, or to hide one for insurance or legal purposes.
  • Loss of diagnostic trust. If AI-generated fake images can be inserted into a hospital’s system, clinicians cannot fully trust what they see on screen.

It’s important to note that these threats are still emerging. No widespread attacks have been reported yet, but the research suggests the underlying vulnerabilities are real.

What you can do

As a patient, you have both rights and practical options. Here are concrete steps:

  1. Ask your provider about their data security. Before an imaging procedure, ask: “How are my images stored? Who has access to them? Are they anonymized for research?” If they use third-party AI tools, request details on how those vendors handle your data.

  2. Request a DICOM copy for yourself. After your scan, ask for a copy of the DICOM files (the raw image format used in medical imaging). This gives you a baseline you could compare if you ever need to verify your records haven’t been tampered with.

  3. Inquire about metadata removal. Ask whether your provider strips identifying metadata—such as your name, birth date, and scanner ID—before images are shared externally. Some facilities do this automatically; others do not.

  4. Stay informed on opt-out options. If your hospital participates in large AI training initiatives, find out if you can opt out. Under HIPAA, you generally have the right to restrict uses and disclosures of your medical information for research, though enforcement can be patchy.

  5. Support stronger regulations. The current legal framework (HIPAA) was written before AI was standard in radiology. Advocate for updated rules that require explicit consent for the use of imaging data in AI training, and for mandatory audits to detect deepfakes.
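
The metadata check behind step 3, and the DICOM header risk noted earlier, as an added example that is not from the RSNA material or this article: a small Python audit that reports which identifying header fields still hold a value. It assumes an Explicit VR Little Endian file and stops at the first undefined-length element, returning a flag when the scan was incomplete; `residual_identifiers`, `build_sample` and the sample values are constructed for illustration.

```python
import struct

# Standard DICOM tags that commonly carry patient or scanner identity.
IDENTIFYING = {
    (0x0010, 0x0010): "PatientName", (0x0010, 0x0020): "PatientID",
    (0x0010, 0x0030): "PatientBirthDate", (0x0008, 0x0080): "InstitutionName",
    (0x0008, 0x1010): "StationName", (0x0018, 0x1000): "DeviceSerialNumber",
}
# VRs whose explicit-VR header is 12 bytes (2 reserved + 4-byte length).
LONG_VRS = {b"OB", b"OD", b"OF", b"OL", b"OV", b"OW", b"SQ",
            b"SV", b"UC", b"UN", b"UR", b"UT", b"UV"}
EXPLICIT_LE = b"1.2.840.10008.1.2.1"  # Explicit VR Little Endian UID

def residual_identifiers(data: bytes):
    """Return ({keyword: value}, complete) for identifying tags still populated."""
    if len(data) < 132 or data[128:132] != b"DICM":
        raise ValueError("not a DICOM Part 10 file")
    pos, found = 132, {}
    while pos + 8 <= len(data):
        tag = struct.unpack_from("<HH", data, pos)
        if data[pos + 4:pos + 6] in LONG_VRS:
            if pos + 12 > len(data):
                return found, False
            (length,) = struct.unpack_from("<I", data, pos + 8)
            pos += 12
        else:
            (length,) = struct.unpack_from("<H", data, pos + 6)
            pos += 8
        if length == 0xFFFFFFFF or pos + length > len(data):
            return found, False  # undefined length or truncated: audit incomplete
        value = data[pos:pos + length].rstrip(b" \x00")
        if tag == (0x0002, 0x0010) and value != EXPLICIT_LE:
            raise ValueError("unsupported transfer syntax")
        if tag in IDENTIFYING and value:
            found[IDENTIFYING[tag]] = value.decode("ascii", "replace")
        pos += length
    return found, pos == len(data)

def build_sample(name: bytes, birth: bytes, station: bytes) -> bytes:
    """Constructed test file: preamble, magic, five short-VR elements."""
    elems = [(0x0002, 0x0010, b"UI", EXPLICIT_LE + b"\x00"),
             (0x0008, 0x0060, b"CS", b"CR"), (0x0008, 0x1010, b"SH", station),
             (0x0010, 0x0010, b"PN", name), (0x0010, 0x0030, b"DA", birth)]
    body = b"".join(struct.pack("<HH2sH", g, e, vr, len(v)) + v
                    for g, e, vr, v in elems)
    return b"\x00" * 128 + b"DICM" + body
```

An empty result only means the header fields are blank when the second return value is true; it says nothing about identity carried by the pixel data itself.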

Where this is heading

Regulators are starting to take notice. The FDA has begun scrutinizing AI tools used in medical imaging, but its focus is mainly on safety and effectiveness, not privacy. The RSNA itself is calling for new standards, including robust de-identification protocols and “digital watermarks” on authentic images to detect fakes.

Until those standards are adopted, patients should treat their medical images with the same care as their credit card numbers or Social Security number. They are unique biometric data, and with today’s AI, they can be used in ways we never imagined.


Sources

  • RSNA: “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks” (2025)
  • RSNA: “Deepfake X-Rays Fool Radiologists and AI” (2026)
  • Research on re-identification of medical images (presented at RSNA 2025)