Your Medical Scans Are Feeding AI—And That Raises New Privacy Risks
Medical imaging has quietly become one of the most data-intensive areas of healthcare. X-rays, CT scans, and MRIs are now routinely processed by artificial intelligence tools that help radiologists detect cancer, fractures, and other conditions faster. That shift brings real benefits, but it also creates new privacy risks that most patients are not aware of. Recent research presented by the Radiological Society of North America (RSNA) highlights how these risks extend beyond typical data breaches — including the possibility that someone could fabricate a medical image that looks real.
What happened?
At the RSNA annual meeting in 2025, researchers presented findings on privacy vulnerabilities in AI-powered medical imaging. One especially concerning demonstration showed that “deepfake” X-rays — synthetic images generated using AI — could fool both human radiologists and the AI tools themselves. The study, published around March 2026, indicated that such fake images could be inserted into a patient’s record to fraudulently claim an illness or to alter a diagnosis. Beyond deepfakes, the research also pointed out that the AI models themselves may inadvertently memorize specific patient data from training images, raising the risk that sensitive health information could be extracted later.
These findings build on a broader trend. As hospitals and clinics adopt AI-based diagnostic software, vast volumes of medical images are being collected, stored, and often shared with third-party vendors for algorithm training or cloud analysis. Each step in that pipeline creates a potential point of exposure.
Why it matters
Medical images are not anonymous. A chest X-ray may reveal not only lung disease but also details about a person’s body shape, implanted devices, or surgical scars — information that can identify an individual or reveal sensitive health conditions. Unlike a credit card number, you cannot simply change your medical history after a leak. Once a scan is stolen or manipulated, the damage is lasting.
Current privacy laws, such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States, cover traditional handling of medical records. But HIPAA was written before AI became common in radiology. It is not always clear how these regulations apply when data is shared with an AI vendor that may not directly treat patients, or when an image is used to train a model that will be deployed at other hospitals. The RSNA researchers explicitly note that existing legal frameworks may not fully address the privacy risks introduced by AI analysis, particularly when it comes to re-identification and synthetic image generation.
For patients, this means their medical imaging data could be exposed in ways they never consented to — and that exposure could be exploited for fraud, identity theft, or even blackmail. In one scenario described by researchers, a manipulated mammogram could be used to claim breast cancer that does not exist, leading to unnecessary treatment or insurance fraud.
What readers can do
Patients do not need to become privacy experts, but a few practical steps can help protect sensitive imaging data:
Ask about data handling. Before you undergo a scan, ask your provider how images will be stored, who will have access to them, and whether AI tools are used. If a third-party vendor processes your images, ask what safeguards are in place. Many radiologists and hospitals are willing to answer these questions.
Review consent forms carefully. Standard consent for imaging often includes broad language about using data for quality improvement or research. Look for clauses that mention “data sharing” or “algorithm training.” You have the right to refuse authorization for uses beyond your direct care, though this might limit certain AI-assisted analyses.
Use patient portals securely. If your hospital offers an online portal where you can view your images, enable two-factor authentication and use a strong, unique password. These portals are a common target for hackers.
Correct errors promptly. If you see an imaging report in your medical record that looks wrong — for example, a finding you do not recall — report it to your provider. Deepfake or misattributed images could be inserted without your knowledge.
Stay informed on regulations. Support advocacy for updated privacy laws that explicitly address AI in healthcare. The RSNA itself is calling for clearer guidelines and better transparency from AI developers.
The future of AI in medical imaging is promising, but it is not without trade-offs. For patients, understanding those trade-offs is the first step toward protecting their health data. The RSNA research serves as a reminder that even a well-intentioned technology can open new doors to misuse, and that privacy cannot be an afterthought.
Sources
- Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” RSNA News, 2025.
- Radiological Society of North America. “Deepfake X-Rays Fool Radiologists and AI.” RSNA, March 2026.
- U.S. Department of Health and Human Services. “Summary of the HIPAA Privacy Rule.” HHS.gov, 2013. (Context on legal framework).