Title: What You Need to Know About Privacy Risks in Medical Imaging AI

Introduction

If you’ve had an X-ray, MRI, or CT scan recently, there’s a good chance an artificial intelligence system was involved in reading or analyzing those images. Hospitals and clinics are adopting AI tools at a fast pace—especially in radiology—to help detect tumors, fractures, and other abnormalities more quickly. The technology can be genuinely useful, but it also introduces new privacy risks that most patients aren’t aware of.

This article explains how those risks work, what the current safeguards are (and where they fall short), and what you can do to protect your health data.

What Happened

In May 2025, the Radiological Society of North America (RSNA) published a special report highlighting privacy and cybersecurity threats that come with large language models and other AI systems in radiology. The report’s title described a “Pandora’s Box of Privacy-Related Risks.” At the same time, another RSNA article warned about LLM-specific cybersecurity threats in medical imaging.

These aren’t academic hypotheticals. Real-world incidents have already shown that medical imaging data can be breached, re-identified, or used in ways patients never consented to. The speed at which AI is being deployed often outpaces the privacy protections hospitals have in place.

Why It Matters

AI systems don’t just look at the pixels in your scan. They also process metadata—your name, birth date, medical record number, and sometimes even genetic information. Here are the key privacy risks:

  • Data breaches: Imaging data stored in cloud-based AI platforms can be exposed if those systems aren’t properly secured. Because medical images are large files, they are often shared across multiple servers and vendors, increasing the attack surface.
  • Re-identification: Even if your name is stripped from an image, researchers have shown that facial features reconstructed from a CT or MRI scan can be matched to public databases. AI makes this kind of re-identification faster and more accurate.
  • Bias amplification: AI models trained on limited or unrepresentative data can produce biased results. But just as troubling, those biases can be encoded into the system without transparency, making it hard to audit how your data was used.
  • Lack of consent: Many patients are never told that AI will review their scans. Even when they are, the consent forms often use vague language that doesn’t explain how the AI processes or stores their images.
  • Secondary use without notice: Hospitals sometimes share de-identified imaging data with AI developers for training. While this is legal under HIPAA if proper de-identification steps are taken, those steps aren’t always foolproof, and patients rarely get a say.

The RSNA reports specifically flagged that clinicians using large language models risk inadvertently exposing patient data through AI chatbots or other tools that don’t have adequate security.

What Readers Can Do

You don’t have to refuse imaging to protect your privacy. You can take practical steps:

  1. Ask your provider if AI is used. Before the scan, ask: “Will an AI system help read my images? If so, which vendor’s tool, and how is my data protected?” A reputable hospital should be able to answer.
  2. Read the consent form carefully. Look for clauses about data sharing, third-party access, and de-identification. If the language is vague, ask for clarification. You can also ask to opt out of non-essential data sharing (e.g., training AI models).
  3. Limit who has access. If you’re getting a second opinion, ask whether the images will be sent through a secure platform. Avoid using email or patient portals that aren’t encrypted for large image files.
  4. Keep a record of your scans. Some facilities now let you download your own imaging files (on a CD or via a secure link). Having your own copy gives you control and reduces the need for repeated sharing.
  5. Know your rights under HIPAA. You have the right to know who has accessed your medical records, including imaging data. You can request an audit trail from your provider. If a breach occurs, you must be notified—but don’t assume you’ll hear about every minor exposure.

Sources

  • Radiological Society of North America. “Special Report Highlights LLM Cybersecurity Threats in Radiology.” RSNA, May 14, 2025.
  • Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” RSNA, May 20, 2026.
  • Radiological Society of North America. “Radiologists Share Tips to Prevent AI Bias.” RSNA, May 20, 2025.

Note: The specific breach statistics mentioned in this article come from general cybersecurity research and are not attributed to any single incident unless explicitly cited. As with any new technology, the full scope of risks is still emerging.