Medical Imaging AI Opens a Pandora’s Box of Privacy Risks: What Patients Need to Know
Artificial intelligence is increasingly used to help radiologists read X‑rays, CT scans, and MRIs faster and more accurately. That sounds like good news. But a less‑talked‑about side of the same technology is raising alarms among security researchers: the ability to create convincing fake medical images that are nearly impossible to distinguish from real ones—and the privacy risks that come with it. If you’ve ever had a medical scan, your imaging data could be at risk in ways you haven’t considered.
What Happened
In March 2026, researchers presented a study at the Radiological Society of North America (RSNA) meeting showing that AI‑generated “deepfake” chest X‑rays could fool both human radiologists and the AI algorithms designed to diagnose them. The researchers created synthetic X‑rays that looked identical to real patient images, complete with realistic pathology. When shown to radiologists, the fake images were judged to be real about as often as real images were, meaning the radiologists couldn’t tell the difference. Similarly, AI diagnostic tools classified the deepfakes as genuine scans.
This is not a hypothetical problem. The same AI methods used to create these fakes are widely available as open‑source models. Anyone with enough computing power and a dataset of real medical images could generate synthetic scans that appear to come from a specific patient.
Why It Matters
Deepfake X‑rays pose two distinct threats: privacy and safety.
First, your medical images are some of the most personal data you possess. They reveal not only your anatomy but also any medical conditions, from a broken bone to early‑stage cancer. If a bad actor gains access to real scans—or creates convincing fake ones in your name—they could use that data for insurance fraud, blackmail, or even to manipulate your medical record. A fake scan could be submitted to your insurer to claim a disease you don’t have, or to an employer to justify discrimination.
Second, fake images injected into a hospital’s system could lead to misdiagnosis. A radiologist looking at a synthetic scan might see a tumor that isn’t there, leading to unnecessary biopsies or treatment. Conversely, a fake image that shows a false “normal” could hide a real problem. The RSNA study shows that the tools to cause such harm already exist.
Data breaches are another concern. Medical imaging databases are not always as secure as they should be. In 2020, a major health system reported a breach that exposed over 1.6 million patient images. As AI makes those images more valuable to attackers, the incentive to steal them grows.
What You Can Do
You cannot control how every hospital manages its data, but you can take a few practical steps to protect your imaging information.
Ask your provider about AI use. When you have a scan, ask your doctor or the imaging center whether they use AI tools to read or process images. Some centers may not be transparent; push for a clear answer. If they do use AI, ask how the system handles your data—is it stored locally, sent to a cloud service, or used to train models? If it’s used for training, request that your images be anonymized (removing your name and other identifiers) before they are used.
Understand your HIPAA rights. Under the U.S. Health Insurance Portability and Accountability Act (HIPAA), you have the right to request an accounting of who has accessed your health information, including your imaging data. You can also request that your data not be shared for research or AI training without explicit consent. If you are outside the U.S., check your country’s equivalent data protection laws (such as GDPR in Europe).
Be cautious about sharing images outside of clinical care. Some patients upload their scans to online forums or “second opinion” services. While these can be helpful, know that once your image leaves the healthcare system, it may not be covered by HIPAA or other privacy laws. Use only reputable services that have clear privacy policies and encryption.
Request anonymization for any research use. If your hospital asks to use your images for research or AI development, you can make your agreement conditional on the hospital stripping all identifying information first. Ask what steps they take to prevent re‑identification.
Sources
Radiological Society of North America. “Deepfake X‑Rays Fool Radiologists and AI.” RSNA Press Release, March 24, 2026. (Study presented at RSNA 2026 Annual Meeting.)
U.S. Department of Health and Human Services. “Your Rights Under HIPAA.” HHS.gov.
Additional context on medical imaging breaches: previous reports from healthcare cybersecurity firms (e.g., HIPAA Journal, 2020‑2025).
The takeaway is not to panic, but to be aware. AI in medical imaging holds tremendous promise, but like any powerful tool, it comes with new vulnerabilities. By asking the right questions and understanding your rights, you can help keep your medical images—and the private information they contain—where they belong: in your control.