Medical Imaging AI Raises Serious Privacy Risks: What Patients Need to Know

Artificial intelligence is changing how radiologists read X-rays, CT scans, and MRIs. Algorithms can now spot tumors, fractures, and other abnormalities faster than a human eye. But this progress comes with a catch: your medical images may be far less private than you think.

In May 2026, the Radiological Society of North America (RSNA) published a report warning that AI in medical imaging opens what it calls a “Pandora’s Box” of privacy-related risks. The report is a sobering read for anyone who has ever had a scan—or plans to have one.

What Happened

The RSNA report compiles expert consensus on several ways that AI systems can inadvertently expose sensitive health information. The core issue: training AI models requires massive datasets of medical images, often shared across hospitals, research institutions, and third-party vendors. Even when images are “de-identified”—stripped of obvious identifiers like names and Social Security numbers—the data can still be linked back to a specific person.

The report highlights three main risks:

  • Re-identification. Facial features, bone structure, or even unique medical conditions visible in a scan can be matched against public records to identify a patient. Studies have shown that de-identified medical images can be re-identified with high accuracy.
  • Model inversion attacks. If an AI model is trained on your scan, a malicious actor could use the model to reconstruct a close approximation of that image, potentially revealing your anatomy or condition.
  • Data leaks through third-party AI tools. Many hospitals use cloud-based AI services from outside vendors. If those services are not properly secured, your imaging data could be exposed. The RSNA report specifically notes that large language models and AI assistants in radiology introduce new cybersecurity threats.

Why It Matters for Patients

Medical images are among the most personal data you can generate. They reveal not only your identity but also your health status, genetic traits, and even your physical appearance. Unlike a credit card number, you can’t change your body if a scan is leaked.

The RSNA report stresses that current anonymization techniques are not foolproof. And while US law (HIPAA) gives you some rights over your health information, enforcement can be inconsistent. Many patients are never told how their images will be used for AI training—it may be buried in consent forms they sign at the clinic.

The stakes are high. Imagine a future where an insurance company uses AI-reconstructed images to deny coverage based on a preexisting condition seen in a training dataset. Or where an employer gains access to scans that reveal a disease you haven’t yet disclosed. These scenarios are not science fiction; they are the logical outcome of insufficient privacy safeguards.

What Patients Can Do Right Now

You don’t need to refuse a necessary scan. But you can take practical steps to protect your medical images.

Ask your provider about their AI practices. Before an imaging exam, ask whether AI will be used to analyze your images, and if so, whether that AI is run on-site or through a third-party cloud service. Some hospitals will give you a straight answer; others may refer you to their privacy office.

Read the consent form carefully. Many clinics include a checkbox allowing your images to be used for research or AI training. If you are not comfortable, you can often opt out. However, be aware that opting out may limit your access to certain AI-enhanced diagnostic tools because some hospitals use AI as part of routine interpretation.

Use your patient portal. After your exam, log in to your patient portal and review who has accessed your imaging records. If you see an unfamiliar vendor or researcher, contact the provider’s privacy officer.

Support stronger regulations. The RSNA report calls for transparency in how medical images are used and for better anonymization standards. Patients can advocate for laws that require clear consent and limit secondary uses of imaging data.

Monitor for data breach notifications. If a hospital or imaging center suffers a breach involving AI systems, they are generally required to notify affected patients under HIPAA. Take those notifications seriously and consider placing a fraud alert if your personal information was exposed.

Sources

This article draws on the RSNA report “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” published May 20, 2026. Additional context comes from peer-reviewed literature on re-identification risks and cybersecurity in healthcare AI. The RSNA is a leading professional society of radiologists with over 50,000 members worldwide, and its reports are considered authoritative in the field.