AI in Medical Imaging: The Unexpected Privacy Risks You Should Know About
Intro
Artificial intelligence is becoming a common tool in radiology. It helps radiologists detect fractures, tumors, and other abnormalities faster than before. For patients, this often means quicker diagnoses and less time waiting for results. But as AI integrates deeper into medical imaging workflows, it also introduces risks that have received far less attention—especially around the privacy and integrity of the images themselves.
Recent research from the Radiological Society of North America (RSNA) has highlighted two concerning developments: deepfake medical images that can fool both human radiologists and AI systems, and broader privacy vulnerabilities introduced when AI tools process patient scans. These findings matter for anyone who has ever had an X-ray, CT scan, or MRI—or expects to need one.
What Happened
In March 2026, RSNA published a study showing that deepfake X‑rays—synthetic images generated by AI—could deceive experienced radiologists and also trick the AI algorithms designed to detect common conditions. The researchers created realistic-looking chest X‑rays that appeared to show pneumonia or other abnormalities when none existed. Both radiologists and a commercial AI system frequently misdiagnosed the fake images. The results were presented at the RSNA annual meeting and later reported by the society’s press office.
Then in May 2026, RSNA released a separate report titled “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” That report examined how the use of AI in medical imaging creates new avenues for data breaches, unauthorized access, and manipulation of scan data. It noted that the very features that make AI powerful—large training datasets, cloud-based processing, and automated analysis—also expand the attack surface for bad actors.
Why It Matters
Medical images are not just anonymous pictures. They contain highly sensitive biometric data: bone structure, organ shape, tissue density, and sometimes visible anatomical identifiers. If a deepfake scan is inserted into a patient’s record, it could lead to a wrong diagnosis, unnecessary treatment, or a missed condition. The consequences are medical as well as financial.
On the privacy side, medical imaging data is increasingly stored on cloud servers or shared across institutions for AI training. If that data is not properly encrypted and access-controlled, it becomes a target. A breach of radiology images can expose intimate health details that patients never consented to share beyond their care team. There is also the risk that scans could be used for identity fraud or insurance scams.
The RSNA deepfake study also calls into question the reliability of AI-assisted interpretations. If an AI system can be fooled by synthetic images, what does that mean for its judgments on real scans? And if malicious actors can insert a deepfake into a health system’s database, they could undermine trust in the entire diagnostic process.
What You Can Do
As a patient, you are not helpless. While you cannot fully control how a hospital or clinic secures its AI systems, you can take steps to reduce your risk:
- Ask about data handling. Before undergoing imaging, ask your provider how your scans are stored, who has access, whether they are shared with AI vendors, and whether they are encrypted both in transit and at rest. Reputable institutions should have clear policies.
- Inquire about AI usage. Some facilities now use AI to help read scans. Ask whether they have procedures to verify the integrity of images—like checksums or digital signatures—and what happens if a scan is flagged as potentially manipulated.
- Request a second opinion if something seems off. If you receive a diagnosis that feels inconsistent with your symptoms or history, consider having your original imaging files sent to another provider for a fresh look. This can help catch AI or human errors.
- Be careful about sharing images. If you are asked to share medical images online—for a second opinion or a research study—ensure the platform is secure. Avoid sending scans through unencrypted email or messaging apps.
- Stay informed about regulations. In the United States, HIPAA offers some protections, but it does not specifically address AI‑generated content or deepfakes. Watch for updates from your country’s health privacy authority. If you are concerned, you can also contact your elected representatives.
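The two integrity checks named in the list above, checksums and digital signatures, do not protect against the same thing. The sketch below is an added example, not code from RSNA or from any imaging product; the key, study identifiers and image bytes are constructed, and an HMAC stands in for a digital signature. It shows that a checksum stored next to the image still matches after someone with write access replaces both, while a keyed tag bound to the study identifier does not.

```python
import hashlib
import hmac

def make_record(key: bytes, study_id: str, image: bytes) -> dict:
    """Run at acquisition time, by the party that holds the key."""
    digest = hashlib.sha256(image).hexdigest()
    msg = f"{study_id}|{digest}".encode()
    return {"study_id": study_id, "sha256": digest,
            "tag": hmac.new(key, msg, hashlib.sha256).hexdigest()}

def checksum_ok(record: dict, image: bytes) -> bool:
    """Plain checksum: detects accidental corruption only."""
    return hmac.compare_digest(hashlib.sha256(image).hexdigest(), record["sha256"])

def tag_ok(key: bytes, record: dict, image: bytes) -> bool:
    """Keyed check: recompute the tag from the image actually being read."""
    digest = hashlib.sha256(image).hexdigest()
    msg = f"{record['study_id']}|{digest}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record["tag"])

def demo() -> dict:
    key = b"constructed-demo-key-not-for-real-use"
    original = b"constructed bytes standing in for an acquired chest X-ray"
    synthetic = b"constructed bytes standing in for a substituted image"
    rec = make_record(key, "STUDY-0001", original)

    # Someone with write access to the archive replaces the image and
    # refreshes the stored checksum, but does not hold the key.
    tampered = dict(rec, sha256=hashlib.sha256(synthetic).hexdigest())

    # A validly tagged image filed under a different study identifier.
    moved = dict(rec, study_id="STUDY-0002")

    return {
        "untouched": (checksum_ok(rec, original), tag_ok(key, rec, original)),
        "substituted": (checksum_ok(tampered, synthetic), tag_ok(key, tampered, synthetic)),
        "moved": (checksum_ok(moved, original), tag_ok(key, moved, original)),
    }

if __name__ == "__main__":
    for case, (checksum, tag) in demo().items():
        print(f"{case:12} checksum_ok={checksum} tag_ok={tag}")
```

The keyed check only helps if the key is kept outside the archive it protects.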
Sources
- RSNA. “Deepfake X‑Rays Fool Radiologists and AI.” March 24, 2026. Google News summary.
- RSNA. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” May 20, 2026. Google News summary.
These reports are a reminder that with every new tool come new trade-offs. AI can improve medical imaging—but only if we also address the risks that come with it. Patients who are aware of these risks are better equipped to protect themselves.