What You Need to Know About Privacy Risks When AI Analyzes Your Medical Scans

What You Need to Know About Privacy Risks When AI Analyzes Your Medical Scans

If you’ve had an X-ray, MRI, or CT scan recently, there’s a good chance an artificial intelligence tool helped your radiologist interpret the images. Hospitals and imaging centers are adopting AI faster than ever to speed up diagnoses and catch subtle findings. But this rapid shift brings a less visible problem: serious privacy risks for your medical images.

A recent special report from the Radiological Society of North America (RSNA) highlights a “Pandora’s box” of privacy concerns tied to AI in medical imaging—including new threats from large language models (LLMs) that could compromise patient data. Here’s what happened, why it matters for you, and how you can take steps to protect your health information.

What Happened

In May 2025, the RSNA published a special report focused on LLM cybersecurity threats in radiology. The report warns that AI models trained on medical images can be vulnerable to attacks that re-identify patients, leak sensitive data, or introduce bias. Because imaging data is highly detailed—facial features, bone structure, and even tattoos can be visible—it is much harder to truly anonymize than simple text records. Once an AI model is trained on those images, the risk that someone could extract identifiable information increases.

The report also notes that many patients are unaware their scans may be used to train commercial AI tools. Consent forms often bury AI training permissions in pages of legalese, and opt-out options are rarely explained clearly. As AI becomes embedded in radiology workflows, these privacy gaps are only widening.

Why It Matters to You

Medical images are among the most sensitive personal data you can share. A breast MRI or a head CT reveals not only your anatomy but also clues about your genetics, medical history, and even your identity. If that data is used to train a third-party AI model and later leaked—or re-identified—the consequences can include discrimination by insurers, employers, or others.

Moreover, the RSNA report flags a specific risk from LLMs: attackers could use natural language prompts to trick AI systems into revealing training data or to manipulate diagnostic outputs. For a patient, that means a scan interpreted by a compromised AI could produce an incorrect result, or your personal details could be extracted from the model without anyone knowing.

Another concern is consent. Current practice often assumes that any de-identified data is fair game for research and AI training. But de-identification is not foolproof, and once your images enter a training dataset, you lose control over where they go—or who profits from them.

What You Can Do

You are not powerless. Here are concrete steps to protect your medical imaging data:

1. Ask if AI is used. Before your scan, ask your healthcare provider: “Will any AI software be used to analyze my images? If so, what company makes it, and will my data leave this facility?” Some hospitals develop their own AI; others send data to third-party vendors.

2. Read the consent form carefully. Many imaging centers now include a line about using your data for research or “algorithm improvement.” If you don’t want your scans used for AI training, ask if you can opt out. Some facilities allow you to check a box; others may not offer a choice. Knowing this in advance helps you decide where to go.

3. Inquire about data anonymization. Ask: “How do you remove identifying information from my images before they are shared or used for AI development?” Look for answers like “face stripping,” “defacing,” or “removing metadata.” If the answer is vague, consider it a red flag.

4. Check for breach history. You can look up your hospital’s data breach record at the U.S. Department of Health and Human Services’ Office for Civil Rights database. Frequent breaches may indicate weaker protections.

5. File a complaint if needed. If you suspect your images were used without proper consent, you can file a HIPAA complaint with the federal government or contact your state attorney general’s office.

Sources

• RSNA Special Report: “Special Report Highlights LLM Cybersecurity Threats in Radiology” (May 2025) – Link
• RSNA press release on “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks” (2025)

The bottom line: AI in medical imaging offers real benefits, but it also opens new risks to your privacy. Stay informed, ask questions, and don’t sign a consent form you haven’t read. Your scan is your data—treat it that way.