How Medical Imaging AI Could Expose Your Health Data—And What to Do About It
Every time you get an X-ray, MRI, or CT scan, the images become part of your medical record. Hospitals increasingly use artificial intelligence tools to help radiologists interpret those images faster and more accurately. That sounds good—and often it is. But the same technology also introduces serious privacy risks that many patients don’t know about.
Recent reports from the Radiological Society of North America (RSNA) have highlighted two emerging threats: deepfake X-rays that can fool both humans and AI, and cybersecurity vulnerabilities in large language models (LLMs) used in radiology. If you’ve ever had medical imaging done, here’s what you need to know and what you can do.
What happened
In March 2026, RSNA published research showing that manipulated X-ray images—deepfakes created with AI—could trick experienced radiologists and automated diagnostic systems alike. These fake images are realistic enough to cause misdiagnosis or cover up real findings. While the technology is still developing, the potential for fraud or malicious use is real.
A year earlier, in May 2025, RSNA released a special report on LLM cybersecurity threats in radiology. Large language models are being integrated into radiology workflows for tasks like generating reports or answering clinical questions. The report warned that these systems can be exploited by attackers to access patient data, generate misleading information, or even inject malicious commands into hospital networks.
Both reports make clear that the trove of medical imaging data—often poorly protected compared to other health records—is increasingly vulnerable as AI becomes more common.
Why it matters
Medical images are among the most sensitive pieces of personal information you have. They reveal not just your diagnosis but also your anatomy, and, unlike a password, they are very hard to change once exposed. If an attacker gains access to your imaging data, they could use it for blackmail, insurance fraud, or identity theft. Deepfake images could also be used to fabricate injuries or illnesses for fraudulent claims.
Moreover, many patients don’t realize that the datasets used to train medical AI often include real images from previous patients. If those datasets are breached or misused, your private health data could be exposed. The regulatory landscape around this kind of data is still catching up—it’s not always covered by HIPAA the way other medical records are.
What readers can do
You don’t need to avoid necessary imaging, but you can take practical steps to protect your privacy:
- Ask your provider about AI use. Before an imaging appointment, ask if AI tools will be used to interpret your scans and what data handling policies are in place. Many hospitals are happy to explain.
- Request anonymization. Ask if your images can be stripped of identifying information before being added to any training dataset. Under HIPAA, you have the right to request restrictions on how your data is used, though the provider may not always agree.
- Review privacy policies. Check your hospital or imaging center’s privacy policy for mention of AI and data sharing. Look for clauses about de-identification, third-party vendors, and patient consent.
- Be cautious with online sharing. Avoid posting your medical images on social media or unsecured cloud services. Even a blurry MRI can contain embedded metadata or enough detail to be exploited.
- Ask about encryption. When images are transmitted electronically, they should be encrypted. If you’re worried, ask your radiology department whether they use encrypted networks for image transfers.
- Stay informed about breaches. Sign up for breach notifications from your healthcare providers. If a breach occurs, you have rights under HIPAA to know what data was exposed.
Future outlook
Regulators are starting to take notice. The FDA has begun evaluating AI-enabled medical devices for security risks, and some states are considering new laws to protect medical imaging data. But progress is slow, and the technology evolves faster than the rules. For now, the most effective protection is a well-informed patient who asks the right questions.
The RSNA reports are available online and worth reading for anyone who wants detailed technical context. The key takeaway: AI in medical imaging is a powerful tool, but it comes with strings attached. Know those strings before you sign any consent form.
Sources
- Radiological Society of North America. “Deepfake X-Rays Fool Radiologists and AI.” March 24, 2026.
- Radiological Society of North America. “Special Report Highlights LLM Cybersecurity Threats in Radiology.” May 14, 2025.