How Medical Imaging AI Could Expose Your Private Health Data — and What to Do
Artificial intelligence is making medical imaging faster and more accurate, but recent research reveals a darker side: the same AI tools that help radiologists spot disease can also be turned against patients. Deepfake X-rays, model inversion attacks, and security gaps in large language models (LLMs) are creating new ways for personal health data to be exposed or manipulated. Here’s what’s happening and how you can protect yourself.
What happened
In March 2026, researchers presented findings at the Radiological Society of North America (RSNA) showing that AI-generated deepfake X-rays could fool both human radiologists and AI diagnostic systems. The fake images were convincing enough to cause misdiagnosis or fraud—for example, inserting a tumor into a healthy scan to claim insurance payouts.
A separate RSNA special report in May 2025 highlighted cybersecurity risks from LLMs used in radiology. These models, when connected to hospital networks, can be tricked into revealing patient data or generating harmful outputs if not properly secured. Additionally, techniques like model inversion allow adversaries to reconstruct identifiable images from an AI’s training data—meaning your de-identified scan might still be traceable back to you.
These threats aren’t just theoretical. The RSNA report on AI bias also noted that biased training data can cause misdiagnosis; the privacy risks are less discussed but equally urgent.
Why it matters
Medical imaging data is among the most sensitive health information you have. A stolen X-ray or CT scan can reveal not just your identity but also health conditions, genetic markers, and even unique physical traits (like bone structure). Deepfake images could be used for insurance fraud, blackmail, or to manipulate electronic health records.
For patients, the immediate concern is that a fabricated image could lead to wrong treatment—unnecessary surgery for a fake tumor, or a missed real one. For providers, a data breach involving AI tools can destroy trust and lead to legal liability. The healthcare industry is already a prime target for cyberattacks, and AI introduces an additional layer of vulnerability.
What readers can do
While you can’t control hospital cybersecurity policies, you can take steps to reduce your exposure and advocate for safer practices.
Ask questions before imaging. Ask your provider whether AI tools are used on your scans and how your data is stored, encrypted, and shared. Hospitals are required to provide a Notice of Privacy Practices under HIPAA—read it.
Request transparency. Ask if the facility has a process for detecting manipulated images. Radiologists should be aware of deepfake risks; you can politely ask if they have safeguards in place.
Limit unnecessary data collection. If you’re participating in a research study that uses AI to analyze your scans, understand what data will be retained and whether it can be fully deleted later. Models trained on your images may retain information indefinitely.
Use patient portals securely. Many hospitals offer portals where you can view your imaging reports. Enable two-factor authentication and avoid using public Wi-Fi to access them.
Advocate for regulation. Support policies that require AI systems in healthcare to undergo independent security testing before deployment. The RSNA itself has called for transparency and standards.
For providers and IT managers, the RSNA bias prevention tips (May 2025) emphasize diverse training data and regular audits. For security, the LLM report recommends isolating AI tools from core clinical databases and logging all queries.
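For IT teams, one way to put the isolate-and-log recommendation into practice is a small gateway that is the AI tool's only path to clinical records. The sketch below is an added example, not code from RSNA or any vendor; the class name, field names, caller label and sample record are all assumptions constructed for illustration.

```python
import hashlib, json, time

# Constructed sample record standing in for a clinical database (not real data).
CLINICAL_DB = {
    "study-001": {"patient_name": "Jane Example", "mrn": "000123",
                  "modality": "CT", "body_part": "CHEST",
                  "report_text": "No acute findings."},
}
# Assumption: the only fields the AI tool needs; identifiers are never released.
ALLOWED_FIELDS = {"modality", "body_part", "report_text"}


class AuditedGateway:
    """Hypothetical single path between the AI tool and clinical records."""

    def __init__(self, db):
        self._db = db
        self.log = []  # in-memory for this sketch; use write-once storage in production

    def _append(self, entry):
        # Chain each entry to the previous one so edits or deletions are detectable.
        entry["prev"] = self.log[-1]["hash"] if self.log else "0" * 64
        body = json.dumps(entry, sort_keys=True).encode()
        entry["hash"] = hashlib.sha256(body).hexdigest()
        self.log.append(entry)

    def query(self, caller, study_id, fields):
        requested = set(fields)
        denied = sorted(requested - ALLOWED_FIELDS)
        record = self._db.get(study_id, {})
        released = {f: record[f] for f in sorted(requested & ALLOWED_FIELDS)
                    if f in record}
        # Log the request itself (including denied fields), never the released values.
        self._append({"ts": time.time(), "caller": caller, "study_id": study_id,
                      "requested": sorted(requested), "denied": denied})
        return released

    def verify_log(self):
        # Recompute every hash and link; False means the log was altered.
        prev = "0" * 64
        for entry in self.log:
            body = {k: v for k, v in entry.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != digest:
                return False
            prev = entry["hash"]
        return True
```

Requests for identifying fields come back empty but still appear in the log, which gives auditors a record of what the AI tool tried to read as well as what it received.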
Sources
- RSNA: “Deepfake X-Rays Fool Radiologists and AI” (March 2026)
- RSNA: “Special Report Highlights LLM Cybersecurity Threats in Radiology” (May 2025)
- RSNA: “Radiologists Share Tips to Prevent AI Bias” (May 2025)
- RSNA: “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks” (May 2026)