AI in Medical Imaging: What It Means for Your Privacy

Artificial intelligence is being adopted rapidly in medical imaging—helping radiologists detect tumors faster, flag abnormalities, and even predict patient outcomes. But alongside these advances, a quieter concern is emerging: the privacy and security of the images themselves.

Recent reports from the Radiological Society of North America (RSNA) have highlighted risks that many patients and providers may not fully consider. From deepfake X-rays that can fool experienced radiologists to large language models (LLMs) creating new cybersecurity vulnerabilities, the same technology that improves diagnosis also opens new avenues for misuse.

What Happened?

In 2025 and 2026, RSNA published a series of findings and warnings about the intersection of AI and medical imaging security. Notably, a 2025 special report detailed how LLMs—the same type of AI behind chatbots—could be exploited to manipulate or extract sensitive data from radiology systems. Another study demonstrated that deepfake X-rays could be generated and presented to radiologists, with the fake images being mistaken for real pathology in a significant number of cases.

These are not hypothetical risks. The research shows that existing image formats and data-sharing practices in hospitals often lack the safeguards needed to detect tampering. Meanwhile, the very data that makes medical images valuable for AI training—high-resolution scans with detailed patient metadata—also makes them prime targets for data breaches and re-identification attacks, even after anonymization.

Why It Matters

For patients, the risks fall into several categories:

  • Deepfake medical images. If a manipulated X-ray or CT scan can deceive a radiologist, it could lead to misdiagnosis, inappropriate treatment, or insurance fraud. In a worst-case scenario, a malicious actor could alter a patient’s existing scan to falsely indicate or hide a condition.

  • Data breaches. Medical imaging data is stored in picture archiving and communication systems (PACS) and often transmitted between providers. These systems were not designed with modern AI-powered attacks in mind. LLMs can be used to craft more convincing phishing emails targeting radiology staff, potentially giving attackers access to large datasets.

  • Re-identification. Even after a scan is stripped of obvious identifiers like name and date of birth, facial features, bone structure, or other unique markers can often be matched back to a specific person. This defeats the purpose of anonymization and undermines patient trust.

  • Legal and financial exposure. In many jurisdictions, medical images are considered protected health information. A breach can lead to regulatory fines, lawsuits, and loss of reputation for healthcare institutions.

The challenge is that the incentives for adopting AI in imaging are strong—faster reads, lower costs, better outcomes. But the security framework hasn’t kept pace. RSNA’s reports explicitly call for radiologists, IT departments, and regulators to work together on updated standards.

What Readers Can Do

As a patient or healthcare consumer, you cannot control hospital cybersecurity directly. But you can take practical steps to protect your medical imaging data:

  • Ask about data handling before a scan. When scheduling an MRI, CT, or X-ray, ask the facility how they store and transmit the images. Do they use encryption? Who has access? How long do they keep the data?

  • Request consent forms that cover image use. Some facilities ask for permission to use your images for AI training or research. Read the form carefully. If it is vague about data sharing or does not mention anonymization methods, ask for clarification.

  • Use patient portals for access. Many hospitals now let you view and download your own images. Stick to secure portals rather than emailing image files or using third-party sharing services.

  • Be cautious with image sharing. If you need to send your scan to a specialist, use the provider’s secure transfer system. Avoid uploading full DICOM files to cloud storage or messaging apps that lack end-to-end encryption.

  • Ask about audit logs. For facilities with electronic health records, ask whether they maintain an audit trail of who views your images. This is a basic security measure.

  • Stay informed on breach notices. If you receive a notification from a hospital about a data breach, take it seriously. It may involve your imaging records.

Sources

The RSNA reports discussed above are freely accessible, and the original research papers are referenced in those publications for anyone interested in the technical details. The bottom line is straightforward: AI in medical imaging brings great promise, but it also demands a serious conversation about privacy, one that includes patients, not just providers.