The Hidden Privacy Risks of Medical Imaging AI—and What You Can Do

Artificial intelligence is becoming a standard tool in radiology. It helps detect tumors, fractures, and other abnormalities faster than traditional methods. But as AI digs deeper into medical images, it also opens new avenues for privacy breaches, data theft, and even fraud. A recent report from the Radiological Society of North America (RSNA) warns that AI in medical imaging introduces a Pandora’s box of privacy risks—and the issue is already here.

What happened

The RSNA report, published in May 2026, highlights several ways AI systems in medical imaging create unexpected vulnerabilities. First, the massive datasets needed to train AI models are often stored in ways that make patient re-identification possible, even when names and ID numbers are stripped. Researchers have shown that facial features in CT and MRI scans can sometimes be reconstructed to identify individuals.

Second, the same AI that helps radiologists can also be used against them. In March 2026, researchers demonstrated deepfake X‑rays that fooled both human radiologists and AI diagnostic tools. These fake scans can be inserted into a hospital’s system, leading to misdiagnoses or fraudulent insurance claims. The RSNA also published a special report in May 2025 on LLM cybersecurity threats in radiology, pointing out that large language models could be used to craft phishing emails targeting radiology staff, or even to manipulate AI reporting software.

Why it matters

For patients, the stakes are high. Your medical images contain far more than a broken bone or a lung nodule. They can reveal age, gender, body shape, and—if not properly anonymized—your identity. A 2024 study found that many public medical imaging datasets have not been fully anonymized, meaning anyone with access to the database could potentially link scans back to individuals.

The deepfake threat is equally concerning. If a convincing fake X‑ray can be generated, it could be used to submit false evidence of injury for insurance fraud, or to discredit a diagnosis. In a worst‑case scenario, a hacker could replace a real scan in a hospital’s system with a deepfake, leading to wrong treatment. These are not hypothetical risks. The RSNA report notes that the tools to create deepfake medical images are already available and improving rapidly.

Beyond individual harm, these risks erode trust in healthcare AI. If patients do not believe their medical data is safe, they may avoid necessary imaging or withhold information from doctors. That undermines the very purpose of AI in diagnostics: better, faster care.

What readers can do

You don’t need to be a cybersecurity expert to protect yourself. Here are concrete steps:

  • Ask your provider about their AI tools. When you go for an MRI or CT scan, ask whether AI is used to analyze the images, and if so, how the facility protects the data. Reputable hospitals will have a privacy policy they can share.

  • Understand your data rights. Under HIPAA in the U.S., you have the right to request an accounting of who has accessed your medical records, including images. In Europe, GDPR gives you stronger control over your data, including the right to deletion in some cases.

  • Be cautious with patient portals. Some hospital portals allow you to view and download your own images. Ensure you use strong passwords and two‑factor authentication if available. Do not share your medical images on social media or unencrypted messaging apps.

  • Support stronger regulations. Current laws like HIPAA were written before AI became widespread in radiology. Patient advocacy groups are pushing for updates that require anonymization standards, breach reporting specific to AI datasets, and mandatory security audits for AI systems. You can reach out to your elected representatives or support organizations like the Patient Privacy Rights Foundation.

For healthcare professionals and IT teams, the RSNA report recommends encryption at rest and in transit, strict access controls on training datasets, and regular red‑team testing of AI systems for vulnerabilities. If you work in radiology, ask your cybersecurity team about deepfake detection tools and LLM security practices.

Sources

  • Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” RSNA News, May 2026.
  • Radiological Society of North America. “Deepfake X‑Rays Fool Radiologists and AI.” RSNA News, March 2026.
  • Radiological Society of North America. “Special Report Highlights LLM Cybersecurity Threats in Radiology.” RSNA News, May 2025.
  • B. Li et al., “Re‑identification of Patients from CT Scans Using Facial Reconstruction,” Radiology, 2024.

(Note: The RSNA articles are referenced as reported in the news aggregator, and the specific publication dates and authors may vary. The deepfake and LLM findings are based on conference presentations and peer-reviewed studies cited by RSNA.)