AI in Medical Imaging Raises New Privacy Risks: What Patients Should Know
Artificial intelligence is becoming a regular tool in radiology departments, helping doctors detect fractures, tumors, and other abnormalities from X-rays, CT scans, and MRIs. But as hospitals adopt these systems, researchers are uncovering a less-discussed side effect: new privacy threats that could affect anyone who has ever had a medical image taken. A recent study presented at the Radiological Society of North America (RSNA) shows that AI-generated fake X-rays can fool both radiologists and diagnostic algorithms, raising concerns about data manipulation and identity theft.
What Happened
In March 2026, RSNA announced research demonstrating that deepfake X-rays—synthetic images created by generative AI—were realistic enough to trick trained radiologists and commercial AI diagnostic tools. The study’s authors created fake chest X-rays that included abnormalities such as nodules and pneumothorax. When shown to human experts and AI systems, both groups misidentified the fake images as real at concerning rates. The work illustrates how generative AI, often seen as a promising aid in medicine, can also be used to produce convincing forgeries.
Beyond the deepfake threat, the RSNA event also highlighted broader privacy issues. Medical imaging AI systems require large amounts of patient data for training and validation. That data often includes not just images but patient identifiers, clinical histories, and demographics. When this information is stored, shared between institutions, or uploaded to cloud platforms for AI processing, the risk of unauthorized access or data leakage grows. Several recent headlines have pointed to healthcare data breaches affecting millions of patient records, and the addition of AI pipelines can introduce new points of vulnerability.
Why It Matters
The potential consequences for patients are serious and multifaceted.
First, manipulated medical images could lead to wrong diagnoses—a false positive that prompts unnecessary treatment, or a missed pathology that delays care. For example, a deepfake X-ray showing a fake tumor could result in an invasive biopsy of a healthy lung. A forged normal image could hide a real malignancy.
Second, medical images are personally identifiable. An X-ray or CT scan of your face, spine, or hands can be linked back to you. Stolen images could be used for insurance fraud, identity theft, or blackmail. Unlike a credit card number, you cannot change your bone structure or the unique pattern of your lungs. Once leaked, that data is permanently exposed.
Third, the trust in diagnostic processes could erode. If patients or providers cannot be sure that a medical image is authentic, the entire system loses credibility. This is especially concerning for legal and forensic cases where imaging evidence is critical.
It is important to note that widespread deepfake attacks on medical imaging are not yet common, but the research shows the capability exists. The risk is currently more theoretical than epidemic, but the healthcare industry’s increasing reliance on data-sharing makes it a vulnerability worth addressing proactively.
What Readers Can Do
You do not need to be a cybersecurity expert to take reasonable steps to protect your medical images and health data.
Ask your healthcare provider about AI data practices. Before agreeing to any imaging exam, you can ask: “Do you use AI tools to analyze my images?” and “How is my data stored and protected when shared with third-party AI services?” Reputable institutions should have clear privacy policies and data-sharing agreements.
Use secure portals for sharing images. If you need to share medical images with a specialist or a second opinion service, use the hospital’s encrypted patient portal rather than email or messaging apps. Avoid uploading images to cloud drives or social media platforms where they can be accessed by others.
Be cautious about direct-to-consumer imaging services. Some online platforms offer AI-based analysis of photos you send them. These services often have weak privacy protections. Before using one, verify their security and data retention policies.
Know your legal rights. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) gives you rights over your health information, including the right to receive an accounting of disclosures and to request restrictions on certain uses. In other countries, similar data protection laws may apply. If you suspect a breach, you can file a complaint with the Department of Health and Human Services (in the U.S.) or your local privacy authority.
Limit unnecessary data collection. When possible, ask your provider to collect only the minimum patient data needed for the procedure. For example, if an AI tool does not need your full name or address to analyze an image, inquire whether de-identification is an option.
Sources
Radiological Society of North America. “Deepfake X-Rays Fool Radiologists and AI.” RSNA News, March 24, 2026. Link
Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” (Referenced RSNA event coverage, May 2026). Link
Additional context on medical AI data privacy from public reports and HIPAA guidelines.