AI in Medical Imaging: What You Need to Know About the Privacy Risks
If you’ve ever had an X-ray, MRI, or CT scan, your medical images are now part of a growing digital dataset. Radiologists and hospitals are increasingly using artificial intelligence to help interpret these scans, which can speed up diagnosis and catch things a human eye might miss. But the same technology that improves care also introduces new privacy risks—some of which patients rarely hear about.
Recent research and warnings from the Radiological Society of North America (RSNA) highlight two specific concerns: the risk of deepfake medical images that could fool radiologists (and AI systems), and the vulnerability of your health data when images are stored or shared online. This article walks through what’s happening, why it matters for you, and what you can actually do about it.
What Happened
In March 2026, RSNA published research demonstrating that deepfake X-rays can fool both human radiologists and AI diagnostic tools. The study created realistic-looking but entirely fabricated chest X-rays that showed diseases like pneumonia when no such condition existed. The fake images were indistinguishable from real scans to trained experts and detection algorithms. The implication is clear: if someone can generate a convincing fake scan, they could alter or forge medical records, commit insurance fraud, or cause misdiagnosis.
Around the same time, RSNA leaders released a broader report on how AI adoption in radiology is opening a “Pandora’s box” of privacy risks. Many hospitals now store medical images in cloud-based picture archiving and communication systems (PACS). These systems weren’t originally designed with strong security for AI access, and patient data—including images, dates, and sometimes personal identifiers—can be exposed through unauthorized data sharing, weak encryption, or third-party AI vendors who train their models on patient scans without explicit consent.
Why It Matters
Medical images are not anonymous. They contain metadata like your name, date of birth, and sometimes your insurance information. If they’re leaked, that data can be used for identity theft, blackmail, or fraudulent billing. Even if the images are stripped of identifiers, a determined actor could re-identify you by matching scan patterns to other records.
The deepfake risk adds another layer. Imagine a doctor makes a treatment decision based on a scan that was altered to show a false condition. Or consider the reverse: a real finding could be erased from your records by tampering with the image file. While widespread deepfake attacks haven’t been reported in clinics yet, the research shows it’s technically feasible, and the healthcare sector is a high-value target for cybercriminals.
You might assume your hospital has airtight security, but many smaller facilities outsource AI analysis to startups whose data practices are opaque. A 2025 survey cited in the RSNA materials found that fewer than half of radiology departments had clear policies about how patient images were used for AI training. The bottom line: your health data may be shared in ways you never agreed to.
What Readers Can Do
You don’t need to become a privacy expert to reduce your risk. Here are practical steps:
- Ask your provider about AI use. Before an imaging exam, you can ask: “Are you using any AI tools to analyze my scan? Where does my image data go after the procedure?” A responsible office should be able to tell you if they use cloud storage, which vendors, and whether your data will be used for training AI models. If they can’t answer, consider that a red flag.
- Inquire about data sharing opt-outs. Some hospitals allow you to request that your images not be used for research or algorithm training. It may require signing a form or checking a box in the patient portal. This isn’t always advertised, so ask specifically.
- Use patient portals securely. If your hospital offers an online portal to view your images and reports, enable two-factor authentication (2FA) if available. Avoid accessing these portals on public Wi-Fi. Also, be cautious about downloading your images to personal devices—once they leave the hospital’s system, their security is your responsibility.
- Check your consent forms. When you sign a general consent for treatment, read for clauses about data use. Some forms include blanket permission to share de-identified data with third parties. “De-identified” isn’t always as anonymous as it sounds. You can often decline that part without affecting your care.
- Report suspicious activity. If you notice an error in your medical records, such as an image that doesn’t match your history, report it to the provider’s privacy officer. Unusual billing or insurance claims for imaging you never received could also indicate data misuse.
Sources
- RSNA, “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” May 2026. (Available at RSNA.org/news)
- RSNA, “Deepfake X-Rays Fool Radiologists and AI,” March 2026. (Available at RSNA.org/research)
These articles are the primary sources for the risks described above. For broader context, you can also refer to guidance from the American College of Radiology on AI governance and patient data protection.
The key is to stay informed and ask questions. AI in medical imaging is here to stay, and it can bring real benefits—but only if we demand that our data is handled with the same care as our health.