Medical Imaging AI Opens a Pandora's Box of Privacy Risks: What You Need to Know

Medical Imaging AI Opens a Pandora’s Box of Privacy Risks: What You Need to Know

Artificial intelligence is improving how radiologists read X-rays, CT scans, and MRIs. Algorithms can spot tumors, fractures, and other abnormalities faster than humans alone. That’s good for patients. But a growing body of research suggests that the same technology also creates new ways for medical images to be stolen, manipulated, or misused — in ways many patients aren’t aware of.

A recent report from the Radiological Society of North America (RSNA) outlines a range of privacy risks tied to AI in medical imaging. Among the most alarming is the emergence of “deepfake” X-rays: synthetic images that can fool both radiologists and AI detection tools. The report, along with a separate RSNA study published in March 2026, shows that these fabricated images are no longer a theoretical threat — they are real, and they work.

What happened

Researchers demonstrated that AI-generated deepfake X-rays could be inserted into medical records or used to create entirely false diagnoses. In one study, radiologists and commercial AI systems were equally deceived by the fake images. The research suggests that someone with access to a patient’s imaging data could create a convincing fraudulent scan, potentially leading to incorrect treatment or an insurance claim for a condition that never existed.

This threat sits on top of more familiar privacy concerns. Medical imaging data is increasingly digitized and shared across hospitals, imaging centers, and cloud storage providers. Data breaches involving medical images have been documented, and because images often contain metadata — like patient names, dates of birth, and even facial features in some scans — re-identification is possible even after anonymization. The RSNA report warns that the very features that make AI useful for diagnosis also make it easier to scrape, copy, and manipulate imaging datasets at scale.

Why it matters

For patients, these risks have direct consequences. A deepfake X-ray could be used to support a fraudulent disability claim or to deny coverage for a real condition. If a fabricated scan enters a hospital’s system, it could take weeks or months to untangle — all while a patient’s treatment is affected. Even without deepfakes, the mere theft of imaging data can lead to identity theft, insurance fraud, or embarrassment if sensitive images are leaked.

Unlike a credit card number, you cannot change an X-ray of your skull or spine once it is exposed. That permanence is what makes medical imaging data so valuable to bad actors — and so difficult to protect.

The RSNA report notes that many patients are unaware that their scans are stored in image archives accessible to multiple third parties, including AI vendors, cloud service providers, and sometimes research institutions. HIPAA provides some protections, but it doesn’t cover all scenarios — especially when data is shared for AI training or used in research without explicit consent.

What readers can do

Patients don’t have complete control over how their medical images are handled, but there are practical steps to reduce exposure.

• Ask your provider. Before an imaging exam, ask how your images are stored, who has access, and whether they are shared with any external AI systems or research databases. Some facilities have opt-out forms for research data sharing.

• Avoid posting images online. Sharing your X-ray or MRI on social media — even in a de-identified form — can expose metadata or distinguishing markers that could be used to re-identify you.

• Request an image access log. If you have had multiple scans, ask your radiology department for a record of who accessed your images and when. Under HIPAA, you can request an accounting of disclosures.

• Use portals cautiously. Many hospitals now offer patient portals where you can view your own images. Be mindful of who else has access to your account, and use strong passwords.

• Stay informed. The RSNA and other professional societies are developing guidelines for AI security. As a patient, you may not be able to enforce these standards, but knowing they exist helps you ask better questions.

Sources

• Radiological Society of North America (RSNA). “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” March 2026. Link

• Radiological Society of North America (RSNA). “Deepfake X-Rays Fool Radiologists and AI.” March 24, 2026. Link

Note: The RSNA is a reputable medical society. The articles cited were published in 2026 and reflect active research into AI-related privacy risks in radiology.