Medical Imaging AI Raises New Privacy Risks: What You Should Know

Medical Imaging AI Raises New Privacy Risks: What You Should Know

Artificial intelligence is becoming a standard part of radiology. Algorithms now help radiologists detect tumors, fractures, and other abnormalities faster and sometimes more accurately than the human eye alone. The RSNA 2025 technical exhibits featured the largest radiology AI showcase to date, signaling that this technology is here to stay.

But with that rapid adoption comes a less discussed side effect: new privacy vulnerabilities. Medical imaging AI opens a Pandora’s box of privacy-related risks, from large-scale data breaches to a more unsettling threat—deepfake X-rays that can fool both clinicians and the AI systems meant to protect them.

What happened

The Radiological Society of North America (RSNA) has reported that deepfake X-rays are now capable of deceiving radiologists and AI models. In controlled studies, manipulated images were inserted into real patient records, and both human readers and automated screening tools failed to detect the fake. This isn’t theoretical. The same RSNA reports highlight that the technical ability to generate realistic synthetic medical images already exists, and the barrier to entry is dropping.

Beyond deepfakes, the digitization of medical images—combined with AI-driven analytics—means enormous datasets are stored and transmitted across networks. These datasets are valuable not only to researchers but also to cybercriminals. Medical images contain identifiable patient information, and unlike credit card numbers, a stolen medical record cannot be replaced. Once leaked, it remains valid for identity theft, insurance fraud, or blackmail.

Why it matters

For patients, these risks go beyond abstract privacy concerns. A fake X-ray inserted into your record could lead to an incorrect diagnosis, unnecessary treatment, or a denied insurance claim. If a malicious actor alters an image to show a condition you don’t have, you might be prescribed medications or procedures you don’t need. Conversely, a deepfake that removes a real abnormality could cause a dangerous delay in care.

The financial incentive is also strong. Criminals can use fake imaging data to submit fraudulent insurance claims, often at the patient’s expense when the fraud is later detected. And because medical data is poorly protected compared to financial data in many healthcare systems, patients may not even know their images have been compromised until damage is done.

Current regulations like HIPAA in the United States cover traditional data breaches, but they were not written with synthetic media or AI manipulations in mind. The legal framework is lagging, leaving patients with limited recourse.

What readers can do

You don’t have to accept these risks passively. Here are practical steps you can take:

• Ask about data security at your imaging provider. Before an MRI, CT, or X-ray, ask how the facility stores, encrypts, and shares your images. Do they use AI? Where does that AI process your data—on-site or in the cloud? You have a right to know.

• Review the privacy policy. Most hospitals and imaging centers publish a notice of privacy practices. Look for language about data sharing with third-party AI vendors. If it’s vague, request clarification.

• Use patient portals carefully. Many facilities now offer online access to your images. While convenient, these portals can be weak links. Use strong, unique passwords and enable two-factor authentication if available.

• Request an audit trail. Ask if the facility logs who accesses your images and when. Some systems allow you to request a report of accesses to your medical records.

• Be skeptical of unexpected findings. If you receive a diagnosis based solely on imaging that seems inconsistent with your symptoms, consider a second opinion from a different facility. A board-certified radiologist can review the original images—and sometimes detect anomalies in the digital file itself.

• Support stronger protections. Advocate for updates to laws that explicitly cover medical images and AI-generated content. The RSNA and other professional organizations have called for regulatory clarity, but public awareness helps push change.

Sources

• RSNA. Deepfake X-Rays Fool Radiologists and AI. Radiological Society of North America, March 2026.
• RSNA. RSNA 2025 Technical Exhibits Feature Largest Radiology AI Showcase. Radiological Society of North America, September 2025.
• RSNA. Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks. Radiological Society of North America, May 2026.