New AI Privacy Risks in Medical Imaging—What Patients Need to Know
Artificial intelligence is rapidly becoming a standard tool in radiology. It helps radiologists detect cancers, flag fractures, and prioritize urgent cases. But the same technology that improves diagnosis also introduces new privacy risks, some of which patients may not be aware of. Recent warnings from the Radiological Society of North America (RSNA) have highlighted how AI can be used to create convincing fake X-rays, and how medical imaging data is increasingly vulnerable to misuse.
What happened
In March 2026, RSNA published research showing that deepfake X-rays can fool both human radiologists and AI diagnostic systems. Researchers generated synthetic chest X-rays that appeared normal or showed specific diseases, and even experienced radiologists could not reliably distinguish them from real scans. The study demonstrated that AI models trained on real medical images can be tricked by carefully crafted fakes, raising the possibility of manipulated medical records or falsified evidence.
This is not an isolated experiment. Medical imaging data is some of the most sensitive health information a person has. Unlike a lab result that can be rechecked, an X-ray or MRI contains detailed anatomical information that cannot be changed. As hospitals and imaging centers adopt AI tools, the data flows through more systems and third-party vendors than ever before. Each transfer point is a potential leak.
Why it matters for patients
The risks fall into several categories. First, a deepfake X-ray inserted into your medical record could lead to misdiagnosis—either missing a real condition or diagnosing one you do not have. That could mean unnecessary treatment, delay of care, or even surgery. Second, your actual imaging data could be stolen in a breach and used for identity theft, insurance fraud, or discrimination. Insurers or employers might access scans without your consent and use them to deny coverage or raise premiums. Third, even if no breach occurs, your images may be used to train AI models without your knowledge. Many hospital consent forms include broad clauses that allow secondary use of medical data for research and development, often without opt-out options.
A 2025 report from the Ponemon Institute found that healthcare data breaches cost an average of $11 million per incident, and imaging files were among the most targeted because of their high value on black markets. Deepfake technology adds a new layer: now attackers can modify images to commit fraud rather than just steal them.
What readers can do
You cannot control how every hospital handles your data, but you can take practical steps to reduce your exposure.
1. Ask about encryption and data sharing. Before an imaging exam, ask your provider how your images are stored and whether they are shared with any third-party AI services. Request written assurance that your data is encrypted during transmission and at rest. If they cannot give a clear answer, consider switching providers.
2. Opt out of secondary use. Check the consent form you sign before imaging. Many include a checkbox allowing your data to be used for research or AI training. Uncheck it. If no option is given, ask if you can sign a restricted consent that limits use to your own diagnosis and treatment only.
3. Request data deletion once you no longer need the images. Most states do not require providers to keep your imaging data indefinitely, yet some facilities retain images for years or decades. Ask the facility's records department what its retention policy is and request deletion after a reasonable period (e.g., 10 years past your last visit). Keep a copy for your own records if needed.
4. Monitor your medical records. Review your health records annually—especially imaging reports. Look for any scans or diagnoses you do not recognize. If you see something suspicious, request an audit trail showing who accessed your images and when. You have the right to know under HIPAA.
5. Use patient portals securely. If your provider offers a portal to view your images, enable two-factor authentication. Use a strong, unique password. Do not share your login credentials. Avoid downloading images to public computers or unsecured networks.
The outlook
Regulators are beginning to take notice. The U.S. Department of Health and Human Services has issued guidance on AI transparency, and some states are considering laws that require patient consent before using medical images for AI training. But these protections are patchy and still developing. Until stronger rules are in place, patients need to be proactive.
Medical imaging AI is a powerful tool, but it opens what RSNA has called a Pandora’s box of privacy-related risks. Knowing what is at stake and taking simple precautions can help you keep your health data in your own hands.
Sources
- Radiological Society of North America (RSNA). Deepfake X-Rays Fool Radiologists and AI. March 2026.
- RSNA. Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks. May 2026.
- Ponemon Institute. Cost of a Data Breach Report 2025. Healthcare supplement.
- U.S. Department of Health and Human Services. AI Transparency in Healthcare Guidance. 2025.