Medical Imaging AI Raises New Privacy Risks: What Patients Need to Know
Medical imaging has become a crucial part of modern diagnostics, and artificial intelligence is increasingly used to interpret X-rays, MRIs, and CT scans faster than human radiologists. The promise is real—earlier detection, fewer missed findings, and less workload for overburdened clinicians. But a growing body of research from the Radiological Society of North America (RSNA) suggests a less discussed side effect: AI in medical imaging creates new privacy and security risks that patients should not ignore. From deepfake X-rays that fool both doctors and algorithms to large language model (LLM) threats that can bypass security systems, the vulnerabilities are more than theoretical. This article explains what is happening, why it matters to you, and what steps you can take to protect your medical images.
What Happened
Several recent RSNA reports have highlighted the emerging privacy risks. One study published in March 2026 demonstrated that deepfake X-rays could be generated that look realistic enough to fool both human radiologists and AI diagnostic tools. Another RSNA special report from May 2025 focused on LLM cybersecurity threats in radiology, showing how such models could be used to craft phishing attacks or query sensitive patient data. These findings are part of a broader pattern: as medical imaging data becomes more digitized and accessible for AI training, the attack surface grows. The research underscores that the same AI advances that improve diagnosis can also be weaponized to create convincing fake images or extract private health information.
Why It Matters
For patients, the implications are twofold. First, there is the risk of data exposure. Medical images contain highly personal information—not just the anatomical details visible in the scan, but also metadata like patient name, date of birth, and institution. If an imaging database is breached, that data can be used for identity theft, insurance fraud, or blackmail. Second, there is the risk of manipulation. A deepfake X-ray or CT scan could be inserted into a patient’s record to alter a diagnosis, delay treatment, or commit fraud. The RSNA reports make clear that current verification methods are not always robust enough to catch such forgeries. Meanwhile, LLM-based attacks can target the communication channels used to share images, such as email or cloud portals, making it harder to know if the image you see is authentic.
It is worth noting that these risks are not yet widespread. Many healthcare providers have strong security practices. But the technology to exploit these vulnerabilities is advancing quickly, and the standard protections of a decade ago may not be sufficient.
What Readers Can Do
You do not need to become a cybersecurity expert to reduce your risk. Here are practical steps you can take as a patient:
Ask about encryption and storage. Before undergoing imaging, ask your provider how your images are stored and transmitted. Look for answers that mention end-to-end encryption and secure, HIPAA-compliant servers. If the facility cannot give a clear answer, consider it a red flag.
Use secure patient portals. Many hospitals and imaging centers offer online portals to view your results. Use them directly rather than relying on emailed links or third-party file-sharing services. If you receive a link to view an image, verify the sender’s identity before clicking.
Request access logs. Ask your provider for an audit trail of who has accessed your medical images and when. Under HIPAA in the U.S., you have the right to request this. Regularly checking can help detect unauthorized access early.
Be cautious about sharing images. If you post a de-identified image online (e.g., for a second opinion forum), be aware that advanced tools can sometimes re-identify you through metadata or pattern matching. Remove metadata before sharing, or use platforms recommended by your provider.
Demand transparency about AI use. Ask your radiologist or imaging center whether AI tools are used to analyze your scans. While AI-assisted diagnosis is common, you should know what data the AI is trained on and whether your images will be used for future model development. If you do not consent to your images being used beyond your care, say so.
Stay informed about regulation. In the United States, the HIPAA Privacy Rule and Security Rule provide baseline protections, but they were not designed for AI-specific threats. Some states are enacting stronger health data privacy laws. Support advocacy for clearer rules on medical AI transparency and breach reporting.
Sources
- RSNA, “Deepfake X-Rays Fool Radiologists and AI” (March 2026).
- RSNA, “Special Report Highlights LLM Cybersecurity Threats in Radiology” (May 2025).
- RSNA, “Radiologists Share Tips to Prevent AI Bias” (May 2025).
These reports are freely available through the RSNA website and are a good starting point for anyone who wants to dig deeper. As the technology evolves, staying aware is one of the best defenses you have.