Your Medical Scans Are Being Analyzed by AI — Here’s What That Means for Your Privacy
Artificial intelligence is becoming a standard tool in radiology, helping radiologists detect tumors, fractures, and other findings faster than ever. But as AI systems process millions of medical images, a less-publicized shift is happening with your scan data. A report from the Radiological Society of North America (RSNA), released in May 2026, warns that the same technology improving diagnosis is also opening new privacy risks for patients. Understanding those risks can help you decide what questions to ask before your next X-ray, MRI, or CT scan.
What happened
The RSNA report, titled “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks,” outlines several ways the growing use of AI in radiology can expose patient imaging data. Among the concerns: medical images stored for AI training may be vulnerable to data breaches, and patients often aren’t informed when their scans are used to develop commercial algorithms.
A separate study presented at RSNA in March 2026 demonstrated a more unsettling scenario: deepfake X-rays that were realistic enough to fool both board-certified radiologists and AI detection systems. The researchers artificially altered chest X-rays to insert or remove signs of disease, creating images that looked authentic to human experts and machine classifiers alike. That raises the possibility of someone creating a fake scan to commit insurance fraud or frame a patient, or conversely, erasing evidence of a condition.
Why it matters
Your medical images contain highly personal information. They reveal not just your health condition but sometimes identifiable features — your face, body shape, or even tattoos. Here’s what’s at stake, based on the RSNA findings and general cybersecurity patterns in healthcare:
Data breaches and unauthorized access. Hospitals and cloud storage vendors that hold large imaging datasets are attractive targets. A breach could expose thousands of scans, along with your name, date of birth, and medical record number. Unlike a credit card number, a medical image can’t be replaced.
Non-consensual use for AI training. Many AI models are trained on patient scans without explicit individual consent, often relying on broad research waivers or “de-identified” data that has been re-identified in some high-profile cases. The RSNA report notes that current patient consent processes haven’t kept pace with how quickly scans are being repurposed for AI development.
Deepfake manipulation. The ability to generate convincing fake scans is no longer theoretical. While no widespread attacks have been reported yet, the existence of deepfake X-rays means insurers, courts, or employers could eventually be presented with fabricated imaging evidence. At the same time, a patient’s real scan could be altered to hide a condition and then used to deny treatment or coverage.
These risks are compounded by the fact that many patients are never told their images will be used outside of their own medical care. The RSNA report calls for clearer disclosure and stronger safeguards.
What you can do
You can’t control how every hospital or AI company handles your data, but you can take a few practical steps to reduce unnecessary exposure:
Ask your provider about data handling. Before an imaging exam, ask: “Will my scans be used for AI training or research? Can I opt out?” Not all facilities have an opt-out process, but asking raises awareness and puts pressure on them to develop one.
Request information on data sharing. Find out whether your hospital shares imaging data with third-party vendors or cloud storage services. If they do, ask how the data is anonymized and whether it’s ever sold.
Review the consent forms you sign. Many consent forms for imaging include a clause allowing use of your data for research. If you’re not comfortable, you can ask to strike that clause or choose a facility that separates clinical care from research.
Monitor your medical records. Keep an eye on your patient portal for unexpected imaging reports. If you see a scan listed that you don’t recall having, that could be a sign of a data error or, in a worst case, tampering with your records.
Support stronger privacy laws. Policy changes — like requiring explicit consent for any non-clinical use of medical images — would give patients more control. Groups like the Patient Privacy Rights organization track legislation at the state and federal level.
Sources
- Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” RSNA Press Release, May 2026.
- Radiological Society of North America. “Deepfake X-Rays Fool Radiologists and AI.” RSNA Research Report, March 2026.