Your Medical Scans Are at Risk: How AI Is Creating New Privacy Threats

Your Medical Scans Are at Risk: How AI Is Creating New Privacy Threats

Artificial intelligence is becoming a standard part of radiology. It helps radiologists spot fractures, tumors, and other abnormalities faster and sometimes more accurately than a human eye alone. That is good news for diagnosis. But the same technology that makes AI helpful in reading scans also makes it possible to create convincing fake images, and medical imaging data has become a high-value target for cybercriminals. Patients who undergo X-rays, MRIs, or CT scans should understand what these changes mean for their privacy.

What Happened

The Radiological Society of North America (RSNA) has published research showing that AI can generate synthetic medical images—sometimes called deepfake scans—that are nearly indistinguishable from real ones. In controlled tests, both radiologists and AI detection tools were fooled by these fabricated images. The technology itself is not new, but its application to medical imaging is growing, and the risks are becoming more concrete.

At the same time, hospitals and imaging centers have been hit by ransomware attacks that specifically target imaging data. In several documented incidents, attackers encrypted patient records and imaging files, demanding payment to restore access. Medical images are often stored on legacy systems with weaker security than newer electronic health record platforms, making them an easier entry point for hackers.

Why It Matters

The risks fall into three categories.

First, deepfake medical images could be used for fraud. An attacker might alter a scan to show an injury that does not exist, then use it to support a false insurance claim. Conversely, a fabricated scan could hide a real condition, leading to a wrong diagnosis or denial of coverage.

Second, medical images contain metadata that can identify you—name, date of birth, medical record number, sometimes even insurance details. Unlike credit card numbers, this information cannot simply be reissued. If your scan is stolen or leaked, the personal data it carries is exposed permanently.

Third, hospitals may use your images to train AI systems, sometimes without your explicit consent. While de-identification standards exist, the process is not always thorough. Residual personal data can remain, and in some cases, images are shared with third-party AI vendors who may not have the same privacy protections as your provider.

What You Can Do

You do not need to become a security expert, but a few steps can help protect your medical imaging data.

• Ask your provider before a scan. Inquire how your images will be stored, who has access, and whether they are used for AI training. If you do not want your images used for training, you can request they be excluded. Many facilities have opt-out procedures.

• Request anonymization. If your images are part of a research dataset or AI development, ask that all identifying metadata be stripped. Most reputable institutions already do this, but it does not hurt to confirm.

• Be cautious about sharing images. Some patients upload scans to online forums for second opinions. Before doing that, remove any metadata yourself using a free tool, or use a service that guarantees deletion of personal information.

• Watch for suspicious billing or diagnosis changes. If you receive an explanation of benefits or a medical record that does not match what you were told, follow up with the clinic. Fabricated scans could be the cause.

• Support stronger regulations. Current laws like HIPAA in the United States cover health data broadly, but they were written before AI-generated images were a realistic threat. Contacting your representatives and supporting patient privacy advocacy groups can help push for updated rules.

Sources

• Radiological Society of North America (RSNA). “Deepfake X-Rays Fool Radiologists and AI.” March 2026.
• RSNA Special Report on LLM Cybersecurity Threats in Radiology, May 2025.
• Multiple news reports on ransomware attacks targeting hospital imaging systems, 2024–2026.

The balance between AI’s diagnostic benefits and its privacy risks is still being worked out. For now, being informed and asking the right questions is the most effective way to keep your medical images in safe hands.