AI in Medical Imaging: The Privacy Risks You Should Know About
A new study shows AI-generated X-rays can fool radiologists—and that’s just the start of the problem.
If you’ve had an X-ray, MRI, or CT scan, those images are now digital. And like any digital data, they can be copied, altered, or leaked. The difference is that medical images are deeply personal—they reveal not just your bones and organs but your identity, your health history, and sometimes your genetic information.
Recent research presented by the Radiological Society of North America shows that AI can generate convincing fake X-rays that fool both radiologists and the AI tools used to detect fraud. That’s the headline. The quieter concern is what happens to your real medical images once they enter an AI system.
What happened
In a study published by RSNA, researchers created AI-generated chest X-rays that looked authentic enough to trick experienced radiologists. When tested against automated detection algorithms, the fake images also slipped through. That means it’s becoming possible to fabricate medical evidence with tools that are already available.
This isn’t just a lab curiosity. The same AI techniques that generate deepfake images of people can generate deepfake scans. Bad actors could use them to commit insurance fraud, avoid work or military service, or manipulate diagnoses. For patients, the danger is that a fake image could be mistaken for your real scan, leading to wrong treatment or denial of coverage.
And beyond deepfakes, there’s the everyday risk of data breaches. Medical imaging databases are valuable targets because they contain rich personal data. Once a scan is uploaded to a cloud-based AI analysis platform—something many hospitals now use—it may be retained, shared, or used to train commercial algorithms without clear consent.
Why it matters for patients
You might assume HIPAA protects your medical images. It does in the hospital setting. But once your images are shared with third-party AI vendors or used for research, the protections become less clear. Many consent forms ask for broad permission to use de-identified data, but de-identification isn’t foolproof. Face reconstruction from a CT scan is possible. So is re-identifying images from metadata.
The practical risk for you: an abnormal scan could be fabricated or modified, leading to a wrong diagnosis. Or your real scan could be leaked, exposing your health conditions to employers, insurers, or others. Ransomware attacks on hospitals have already exposed millions of imaging records.
What you can do
You don’t need to avoid medical imaging. But you can take steps to protect your data.
- Ask your provider about data use. Before a scan, ask: “Who will have access to these images? Will they be used to train AI? Can I opt out of that?”
- Read consent forms carefully. If you’re asked to agree to broad data sharing, you can decline or request a version that limits use to your care.
- Request copies of your images. Many hospitals now offer personal access portals. Keeping copies gives you a baseline in case someone ever disputes your record.
- Be mindful of remote reading. If your images are read by a radiologist in another state or country, data may cross borders with different privacy laws.
- Use patient portals with strong passwords. Enable two-factor authentication if available.
Sources
- Radiological Society of North America, “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks” (2026).
- RSNA study on deepfake X-rays fooling radiologists and AI (March 2026).
- U.S. Department of Health and Human Services, HIPAA guidance on medical images and third-party AI vendors.
The benefits of AI in medical imaging are real—faster diagnoses, lower costs, better detection. But these come with trade-offs that patients rarely hear about until something goes wrong. A few questions now can save you from a much harder conversation later.