How Medical Imaging AI Could Leak Your Private Health Data—and What to Do About It

If you’ve had an X‑ray, MRI, or CT scan in the last year, there’s a decent chance that artificial intelligence helped a radiologist read it. Major medical conferences like the Radiological Society of North America (RSNA) have been showcasing AI tools for years, and adoption in hospitals is accelerating. The promise is real: AI can spot subtle fractures, tumours, and early disease markers that even trained eyes might miss.

But there is a less discussed side to this technology. The same data that feeds AI models—your medical images—can also expose you to new privacy risks. Data breaches, re‑identification of anonymised scans, and even deepfake X‑rays that could be used to manipulate your medical record are no longer theoretical. Understanding these risks, and knowing what to ask your provider, is becoming part of being an informed patient.

What Happened: The Privacy Risks Are Now in Plain Sight

In March 2026, researchers presented findings at RSNA showing that deepfake X‑rays could fool both radiologists and the AI algorithms used to analyse them. The study demonstrated that synthetic chest X‑rays, generated using generative adversarial networks (GANs), were indistinguishable from real scans to human experts and to several commercial AI tools. This is not just a cybersecurity curiosity—it means that fabricated images could be inserted into a patient’s file, potentially altering diagnoses, treatment plans, or insurance claims.

Separately, a broader RSNA article published in May 2026 warned that medical imaging AI “opens a Pandora’s box of privacy‑related risks.” The article highlighted three main concerns:

  1. Data breaches: Many AI radiology tools rely on cloud‑based processing. When images are sent to third‑party servers for analysis, they become part of a larger attack surface. A breach at a cloud vendor could expose thousands of scans at once.
  2. Re‑identification: Even when images are anonymised—names and numbers removed—AI techniques can re‑identify patients by matching facial features reconstructed from head scans or by linking unique anatomical markers to public databases.
  3. Deepfake manipulation: As shown in the March study, fake images can be generated that look authentic. An attacker could add or remove a suspicious nodule to fraudulently change a diagnosis.

These are not isolated incidents. The RSNA 2025 technical exhibits featured the largest radiology AI showcase yet, meaning the number of vendors and cloud integrations is growing fast. With more data flowing through more systems, the potential for exposure increases.

Why It Matters for You

Your medical images are deeply personal. They contain information about your body that even you may not know—bone structure, organ shapes, genetic markers. Unlike a credit card number, you cannot change your spinal column after a breach.

The re‑identification risk is particularly insidious. Researchers have shown that a simple 3D reconstruction of a head CT can be matched to a person’s face using publicly available photos. If your scan is part of a research dataset that is later breached, your identity and medical history could be linked.

Deepfake X‑rays add an active threat. Consider a scenario where someone with access to your medical file alters a scan to show a condition you don’t have, then files an insurance claim—or conversely, removes a real tumour to delay treatment. The study from RSNA confirmed that current detection tools are not reliable. Both humans and AI were fooled at high rates.

The real issue is that most patients are never told that AI is being used on their scans, let alone how their data is stored or shared. Privacy policies are long, legal documents; consent forms rarely mention third‑party AI processors.

What You Can Do as a Patient

You do not need to become a cybersecurity expert to protect yourself. A few practical questions and habits can reduce your exposure.

Ask your radiologist or imaging centre:

  • “Does your AI tool process my images on‑site or in the cloud?”
  • “Is my image data stored in a de‑identified form? Can it be removed after analysis?”
  • “Who has access to my images beyond the hospital—research groups, software vendors?”

Some facilities offer an option to opt out of having your images used for AI training or research. This may mean your scans are analysed by a human alone, which is often acceptable for routine cases. For critical findings, AI might still be used, but you can ask about data handling.

Before a scan, review the consent form for mentions of “third‑party processing” or “cloud‑based analysis.” If the language is vague, ask for clarification. If you are not comfortable, consider whether the scan is urgent. For elective imaging, you can shop around for a provider with clearer privacy practices.

After a scan, request a copy of your images on CD or via a secure patient portal. Keeping your own records helps you verify what is in your file and encourages providers to maintain accurate logs.

Stay informed about data breaches. If your hospital has a breach notification policy, sign up for alerts. If you learn that a vendor used by your imaging centre was compromised, check whether your images were included.

The Future: Regulation Needs to Catch Up

The RSNA research and reports are a signal that the medical community is aware of these dangers. But industry self‑regulation is unlikely to keep pace with the speed of AI adoption. Some experts have called for standardised privacy impact assessments before new imaging AI tools are deployed, as well as mandatory reporting of any re‑identification incidents.

Patients can help push for change by raising these questions with their providers and insisting on transparency. In the meantime, being proactive about your own data is the most reliable protection.

Sources

  • Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy‑Related Risks.” RSNA News, May 20, 2026.
  • Radiological Society of North America. “Deepfake X‑Rays Fool Radiologists and AI.” RSNA News, March 24, 2026.
  • Radiological Society of North America. “RSNA 2025 Technical Exhibits Feature Largest Radiology AI Showcase.” RSNA News, September 30, 2025.

Note: The deepfake study referenced above is based on a research presentation at RSNA 2026. The full findings have not yet been published in a peer‑reviewed journal, but the RSNA news article provides a reliable summary of the results presented.