Are Your Medical Scans Safe? The Hidden Privacy Risks of AI in Imaging

Artificial intelligence is transforming medical imaging, helping radiologists detect cancers, fractures, and other conditions faster than ever. But the same technology that improves diagnosis also introduces new privacy and security risks that many patients—and even some providers—aren’t fully aware of. Recent research from the Radiological Society of North America (RSNA) suggests that medical imaging AI opens a Pandora’s box of privacy-related risks, from deepfake X-rays to unauthorized data sharing. Here’s what that means for you and your health data.

What happened

In a March 2026 study presented at the RSNA annual meeting, researchers demonstrated that AI can generate highly convincing fake medical images—so realistic that both human radiologists and diagnostic AI tools were fooled. The study showed that deepfake X-rays and CT scans could be created using generative adversarial networks (GANs), raising the possibility of fraudulent images being inserted into medical records. Separately, other RSNA research has highlighted how patient imaging data is often shared with third-party AI developers for training purposes, sometimes without explicit consent or adequate anonymization.

These findings are not just theoretical. As AI becomes integrated into picture archiving and communication systems (PACS) and electronic health records, the attack surface grows. A malicious actor could alter a scan to change a diagnosis, or a data breach could expose thousands of imaging files containing highly sensitive anatomical information.

Why it matters

The privacy risks go beyond the usual data breach concerns. Medical images are not just names and Social Security numbers—they contain detailed biometric information that can identify a person uniquely and reveal health conditions, body metrics, and even genetic markers. If such data is leaked or misused, the consequences can be long-lasting and difficult to reverse.

Two key problems stand out:

  • Deepfake images can undermine trust in diagnosis. If a fake scan is introduced into a patient’s record, it could lead to wrong treatment, delayed care, or insurance fraud. It may also be used to fabricate evidence in legal cases.
  • Training data may not be properly de-identified. While HIPAA provides protections for identifiable health information, the rules were written before AI became widespread. Some researchers and companies may claim images are “de-identified” when re-identification remains possible, especially with AI tools that can match scans to individuals based on unique features like bone structure or eye shape.

The lack of transparency in how AI models are trained compounds the issue. Patients rarely know whether their scans will be used to train commercial algorithms, and they seldom have a way to opt out after the fact.

What readers can do

You don’t need to become a cybersecurity expert to protect your imaging data, but a few proactive steps can help:

  1. Ask your provider about AI use. Before an MRI or CT scan, ask whether AI will be used to analyze your images and whether your data will be shared with third parties. Many hospitals have started developing consent forms that cover AI training—request one if it’s available.

  2. Verify image authenticity. While you can’t independently check an X-ray, you can ask your radiologist if they’ve implemented any verification methods to detect tampering. Some institutions now use digital signatures or blockchain-based logging for images.

  3. Review your medical records. Under HIPAA, you have the right to access your imaging records. Periodically request copies and review them for any discrepancies. If something looks off, flag it.

  4. Limit data sharing where possible. When enrolling in clinical studies or health apps, read the fine print about how your images will be used. Opt out of secondary research if you’re uncomfortable with unknown future uses.

For healthcare providers and administrators, the recommendations include adopting “privacy by design” in AI systems, conducting regular audits of image repositories, and using robust de-identification techniques that go beyond simple pixel masking. The RSNA itself has called for stronger ethical guidelines and technical standards to address these emerging threats.
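For readers on the provider side, the tamper-evident logging mentioned in step 2 and the repository audits recommended above can be sketched as follows. This is an added example, not code from RSNA or any PACS vendor; it uses a keyed HMAC from Python's standard library in place of a true digital signature, and the function names, image IDs, key and image bytes are all constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "previous MAC" value for the first entry


def _entry_mac(key, entry):
    """HMAC-SHA256 over the canonical JSON of an entry (MAC field excluded)."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def append_image(log, key, image_id, image_bytes):
    """Record an image digest, chained to the previous entry's MAC."""
    entry = {"seq": len(log), "image_id": image_id,
             "sha256": hashlib.sha256(image_bytes).hexdigest(),
             "prev": log[-1]["mac"] if log else GENESIS}
    entry["mac"] = _entry_mac(key, entry)
    log.append(entry)


def audit(log, key, store):
    """Return findings; an empty list means log and image store agree."""
    findings, prev = [], GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "mac"}
        if entry.get("seq") != i or entry.get("prev") != prev:
            findings.append(f"entry {i}: chain broken")
        if not hmac.compare_digest(_entry_mac(key, body), entry.get("mac", "")):
            findings.append(f"entry {i}: bad MAC")
        image = store.get(entry.get("image_id"))
        if image is None:
            findings.append(f"entry {i}: image missing from store")
        elif hashlib.sha256(image).hexdigest() != entry.get("sha256"):
            findings.append(f"entry {i}: image content changed")
        prev = entry.get("mac", "")
    return findings


def demo():
    """Constructed sample: two stand-in 'scans', the second altered after logging."""
    key = b"constructed-demo-key"  # assumption: a real key is held in an HSM/KMS
    store = {"img1": b"constructed scan A", "img2": b"constructed scan B"}
    log = []
    for image_id, data in store.items():
        append_image(log, key, image_id, data)
    store["img2"] = b"altered pixel data"
    return audit(log, key, store)  # -> ["entry 1: image content changed"]
```

Truncating the tail of the log is not detected by the chain alone; recording the latest MAC somewhere outside the image repository closes that gap.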

Conclusion

AI in medical imaging is a powerful tool, but its privacy implications deserve serious attention. Patients shouldn’t have to choose between accurate diagnosis and data protection. By staying informed and asking the right questions, you can help ensure that your medical scans remain both safe and trustworthy.
