Your Medical Scans Are Now AI Data: Here’s How to Protect Your Privacy

Medical imaging has entered a new era. Artificial intelligence tools are now routinely used to analyze X-rays, MRIs, and CT scans—spotting tumors, measuring bone density, and flagging abnormalities faster than ever. For patients, this often means quicker diagnoses and better outcomes. But the same technology that makes imaging smarter also creates privacy risks that most people are unaware of.

Recent research presented at the Radiological Society of North America (RSNA) has highlighted a troubling development: deepfake X-rays can fool both radiologists and the AI systems designed to detect fraud. This is not a distant possibility—it is happening now. And it raises serious questions about who has access to your medical images and what they can do with them.

What Happened

In March 2026, researchers at RSNA demonstrated that synthetic X-ray images—created using generative AI—are realistic enough to deceive human experts and automated screening tools. The implications go beyond academic curiosity. Medical images have become valuable data assets. They are stored in electronic health records, shared across hospital networks, and increasingly used to train commercial AI models. Each of these steps introduces potential points of exposure.

The deepfake X-ray study is part of a broader pattern. Healthcare data breaches have been rising steadily. In 2025, the U.S. Department of Health and Human Services reported over 700 major breaches affecting more than 100 million patient records. Medical images are not exempt—they contain metadata, and some can be reconstructed to reveal patient identities even after anonymization.

Why It Matters

For patients, the risks fall into three categories.

First, medical identity theft. Anyone with access to your scans can use them to obtain treatment, prescriptions, or insurance benefits under your name. Because medical images are less commonly monitored than financial data, fraud can go undetected for months or years.

Second, misdiagnosis or manipulation. Deepfake X-rays could be inserted into your records to change diagnosis history or to sabotage treatment plans. While such attacks are not yet widespread, the RSNA research shows the technical capability already exists.

Third, loss of privacy. Medical images can reveal sensitive information about your health—pregnancy, cancer status, chronic conditions—that you may not want shared without your consent. Some hospitals and imaging centers now share de-identified data with AI developers, but “de-identified” is not always as safe as it sounds. Researchers have repeatedly shown that re-identification is possible with modest effort.

The bottom line: if you undergo an MRI, CT, or X-ray today, your images are likely part of a digital system that is more porous than most people realize.

What Readers Can Do

You don’t need to become a cybersecurity expert to reduce your risk. Here are concrete steps you can take.

Ask your imaging provider about data security. Before you schedule a scan, ask: “How do you store my images? Do you share any data with third parties for AI training? Can I opt out?” Many providers have a patient privacy officer who can answer these questions. If they can’t give you a clear answer, consider whether you can go elsewhere.

Request a copy of your images for yourself. In the United States, you have a right to access your medical records, including images. Download them directly from the patient portal and store them on an encrypted external drive rather than on a cloud service you don’t control. This gives you a personal backup and a way to verify that nothing has been altered.

Avoid sharing your images on social media or unsecured platforms. It might be tempting to post a picture of your baby’s ultrasound, but those images carry metadata that can include your name, date of birth, or facility details. Even if you crop the image, embedded data may remain. If you do share, use a platform that strips metadata and understand that once it’s online, you lose control.

Use your health system’s patient portal carefully. Set strong, unique passwords and enable two-factor authentication if available. Do not access your medical records on public Wi-Fi.

Check your explanation of benefits. Review statements from your insurance for procedures you don’t recall having. This can be an early sign that someone used your images or identity to get care.

The Bigger Picture

The RSNA research is a reminder that every technological advance in medicine comes with trade-offs. AI can save lives—but it also creates new opportunities for misuse. Patients cannot solve these problems alone. Stronger regulations, better encryption standards, and mandatory transparency about data sharing are needed from healthcare institutions and policymakers.

In the meantime, staying informed and asking the right questions is the best defense. Your medical images are more than just pictures; they are uniquely personal data. Treat them accordingly.

Sources

• Radiological Society of North America. “Deepfake X-Rays Fool Radiologists and AI.” RSNA, March 24, 2026.
• Radiological Society of North America. “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” RSNA, May 20, 2026.
• U.S. Department of Health and Human Services. “Healthcare Data Breach Statistics.” Annual report, 2025.
• Several studies on re-identification of de-identified medical images (e.g., by researchers at MIT and the University of Vermont, 2023–2025).