How AI is creating new privacy risks in medical imaging – and what you can do
Artificial intelligence is quickly becoming a standard tool in radiology. It helps doctors spot tumors, fractures, and other abnormalities faster than traditional methods. The benefits for diagnosis are real. But the same technology that allows AI to “read” X‑rays and MRIs also opens new ways for those images to be misused. Privacy experts and radiologists are beginning to raise concerns about what happens when AI‑generated fake medical images enter the picture.
What happened
In 2026, researchers presented studies at the Radiological Society of North America (RSNA) meeting that demonstrated something troubling: deepfake X‑rays can fool both human radiologists and AI detection systems. The team created synthetic chest X‑rays that were nearly indistinguishable from real ones. When shown to experienced radiologists, many could not tell the difference. Worse, the same deepfake images also bypassed AI tools designed to spot tampering. The research confirms that it is now technically possible to generate convincing fake medical scans without access to a real patient’s data, or to alter legitimate scans in ways that are extremely hard to detect.
Beyond academic demonstrations, there are practical reasons to worry. Medical imaging data is routinely shared between hospitals, clinics, insurance companies, and cloud storage services. Each transfer point is a potential vulnerability. If a bad actor gains access to a large dataset of CT or MRI scans, they could use that data to train their own deepfake models, create fraudulent reports, or even generate images that falsely “prove” a medical condition to commit insurance fraud or extortion.
Why it matters
Medical images are among the most personal and sensitive pieces of health data. They can reveal not just diseases but also physical anatomy, genetic markers, and lifestyle habits (such as signs of injury or drug use). Unlike a credit card number, an X‑ray cannot be changed once it is leaked. And there is currently no federal law that specifically addresses AI‑generated medical forgeries. The Health Insurance Portability and Accountability Act (HIPAA) covers data breaches, but it does not directly tackle the problem of synthetic medical images.
For patients, the risks are real but not always obvious. An altered scan could lead to a wrong diagnosis, unnecessary treatment, or a denied insurance claim. In a worst‑case scenario, a deepfake X‑ray could be used to fabricate evidence in a legal or employment dispute. The technology is advancing faster than the safeguards, and the consequences of a mistake or an attack could affect your health, your finances, and your reputation.
What readers can do
You do not need to become a medical privacy expert to reduce your risk. A few practical steps can help:
- Ask your provider how they store and share images. Many hospitals now use cloud‑based picture archiving and communication systems (PACS). Ask whether the data is encrypted at rest and in transit, and whether access logs are reviewed.
- Use patient portals to track your records. If you can view your own images and reports online, you have a better chance of noticing something that does not look right. If a scan you never had appears in your file, flag it immediately.
- Limit who can access your images. When a specialist refers you for an imaging exam, ask which offices will receive the results. Authorize only those directly involved in your care. Review your provider’s consent forms for broad data‑sharing clauses.
- Be cautious with imaging apps and services. Some direct‑to‑consumer companies offer scanning or interpretation via smartphone or email. These services may not follow the same security standards as accredited healthcare institutions. Verify that they are HIPAA‑compliant before sending any medical image.
- Report suspicious findings. If you believe your medical images have been tampered with or used without your consent, contact your provider’s privacy officer and file a complaint with the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services.
Looking ahead
The RSNA studies are a call to action, not an announcement that attacks are widespread. But the technology is mature enough that we should expect attempts to exploit it. Professional radiology organizations are working on detection tools and updated guidelines, and some lawmakers have started to discuss AI‑specific data protection. Until those safeguards are in place, patients who understand the risks and take basic precautions will be better positioned to protect their medical privacy.
Sources: Radiological Society of North America (RSNA) 2026 meeting presentations on deepfake X‑rays; RSNA releases “Medical Imaging AI Opens a Pandora’s Box of Privacy‑Related Risks” (2026).