When Your X-Ray Is a Deepfake: The Privacy Risks of AI in Medical Imaging

Artificial intelligence is transforming radiology. Hospitals now use AI to read X-rays, CT scans, and MRIs faster and sometimes more accurately than human radiologists. That sounds like good news—and in many ways it is. But the same technology that helps diagnose disease can also be turned around and used to manipulate or steal medical images. And as AI becomes cheaper and easier to run, the risks to patient privacy are growing faster than many people realize.

What Happened

In March 2026, researchers presented findings at the Radiological Society of North America (RSNA) conference showing that AI-generated deepfake X-rays can fool both experienced radiologists and AI diagnostic tools. The study demonstrated that synthetic chest X-rays—created using generative adversarial networks (GANs)—were convincing enough to be mistaken for real images. The implications go beyond academic curiosity: if an attacker can insert a fake scan into a medical record, they could alter a diagnosis, commit insurance fraud, or even blackmail a patient with fabricated evidence of disease.

Separately, the RSNA has been warning for over a year that the rapid adoption of AI in medical imaging opens a “Pandora’s box” of privacy-related risks. Healthcare data is already a prime target for cybercriminals because it contains personal identifiers, insurance details, and biometric information. Medical images themselves are now considered valuable data—they can be used to train AI models, but they can also be stolen and resold on dark web markets.

Why It Matters

For patients, the risks are not abstract. A deepfake X-ray added to your medical record could lead to a wrong diagnosis, unnecessary treatment, or denial of insurance coverage. It could also be used for identity theft: an X-ray of your lungs or bones is a form of biometric data, unique to you. If a criminal obtains your medical images and combines them with other leaked data, they could impersonate you for healthcare fraud or prescription drug abuse.

Moreover, many hospitals and imaging centers do not yet have strong safeguards to detect manipulated images. The same AI tools that help radiologists can also be used to create convincing fakes. The technology itself is neutral—but its misuse is a growing concern. As AI models improve, the line between real and synthetic will blur further. Patients have a right to know whether their imaging data is being stored securely and whether their facility has measures in place to verify the authenticity of scans.

What Readers Can Do

You don’t need to be a cybersecurity expert to reduce your risk. Here are concrete steps you can take:

1. Ask your provider about data security. Before you undergo any imaging procedure, ask the facility how they store and protect your images. Do they use encryption? Who has access? Are images kept on secure servers or sent to third-party AI vendors? If the staff cannot give a clear answer, that is a red flag.

2. Review your medical records regularly. Under U.S. law (HIPAA), you have the right to access your medical records, including imaging reports. If something seems off—a scan you never had, a diagnosis you don’t recognize—report it immediately. Early detection of tampering can limit damage.

3. Be cautious with health apps that store images. Some consumer apps let you upload X-rays or other scans for a second opinion or AI analysis. Before using them, verify that the app has a clear privacy policy, uses end-to-end encryption, and does not sell your data. Free apps often monetize data.

4. Understand consent forms. Some imaging centers' consent forms include clauses that allow them to use your images for AI training or research without asking for separate, explicit permission. Read the fine print. You have the right to opt out of data sharing for purposes beyond your own care. If the form is unclear, ask for clarification or request that your images be excluded from any research database.

5. Keep your health insurance documents secure. Claims and referrals often include imaging data. Treat those documents as you would your Social Security number—shred them before disposal and avoid sharing them unnecessarily.

Sources

  • RSNA 2026 presentation: “Deepfake X-Rays Fool Radiologists and AI” (Radiological Society of North America, March 24, 2026)
  • RSNA report: “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks” (2025–2026)
  • General cybersecurity guidance on health data: U.S. Department of Health and Human Services, HIPAA Privacy Rule

The future of medical imaging AI is promising, but it is not risk-free. Staying informed and asking the right questions is the best way to protect your health data—and your health.