Your Medical Scans Are Now AI-Powered—Here’s the Privacy Risk You Need to Know

Artificial intelligence is making its way into nearly every corner of healthcare, and radiology is no exception. Today, many hospitals use AI to help radiologists read X-rays, MRIs, and CT scans faster and more accurately. That sounds like good news for patients. But there is a less visible side to this progress: the same technology that can spot a tumor in seconds is also creating new ways for your private health data to be misused, stolen, or even faked.

Recent research presented at the Radiological Society of North America (RSNA) annual meeting highlights a disturbing possibility: AI-generated deepfake medical images so convincing they can fool both radiologists and the diagnostic AI systems meant to detect fraud. This isn’t science fiction. It’s a real vulnerability that patients should be aware of.

What happened

At RSNA 2025, researchers demonstrated how generative AI can produce synthetic X‑rays that appear identical to real scans from actual patients. In a controlled study, these deepfakes were inserted into hospital picture archiving and communication systems (PACS) undetected by current safety checks. When radiologists reviewed the fake images alongside real ones, they could not reliably tell them apart. Even the AI systems designed to flag abnormalities were deceived—they treated the fake scans as legitimate patient data.
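One defensive control that addresses the scenario above is a tamper-evident manifest: hash every image at acquisition, sign the manifest with a key the archive controls, and re-verify on read-back so that an image swapped in later no longer matches. The example below is added here and is not code from the study, from RSNA, or from any PACS product; the image ids and byte strings are constructed stand-ins, and the HMAC-signed manifest is an assumed design, not a description of how any real archive works.

```python
import hashlib
import hmac
import json
import secrets
# Each image's bytes are hashed at acquisition and the manifest is HMAC-signed
# with a key held by the archive, so a later swap of the image bytes (or an
# edit of the manifest itself) is detected when the study is read back.

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign(entries: dict, key: bytes) -> str:
    payload = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def build_manifest(images: dict, key: bytes) -> dict:
    """Record one hash per image id and sign the whole record."""
    entries = {image_id: sha256_hex(data) for image_id, data in images.items()}
    return {"entries": entries, "tag": sign(entries, key)}

def verify_archive(manifest: dict, images: dict, key: bytes) -> dict:
    """Per image id: 'ok', 'modified', 'missing' or 'unlisted'.
    Raises ValueError if the manifest signature itself does not verify."""
    if not hmac.compare_digest(sign(manifest["entries"], key), manifest["tag"]):
        raise ValueError("manifest signature mismatch")
    status = {}
    for image_id, recorded in manifest["entries"].items():
        if image_id not in images:
            status[image_id] = "missing"
        elif sha256_hex(images[image_id]) != recorded:
            status[image_id] = "modified"
        else:
            status[image_id] = "ok"
    for image_id in images:
        if image_id not in manifest["entries"]:
            status[image_id] = "unlisted"
    return status

# Constructed sample: stand-in byte strings, not real image data.
ARCHIVE_KEY = secrets.token_bytes(32)
ORIGINAL = {"study-001/img-1": b"pixels-A", "study-001/img-2": b"pixels-B"}
MANIFEST = build_manifest(ORIGINAL, ARCHIVE_KEY)

def demo() -> dict:
    # Simulate one image replaced and one added after the manifest was signed.
    tampered = dict(ORIGINAL, **{"study-001/img-2": b"synthetic", "study-001/img-3": b"extra"})
    return verify_archive(MANIFEST, tampered, ARCHIVE_KEY)

if __name__ == "__main__":
    print(demo())
```

The check only proves that the stored bytes match what was recorded at acquisition; it says nothing about whether the acquisition itself was genuine, which is why the signing key must never be reachable from the systems that write images into the archive.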

This is not an isolated experiment. The same datasets used to train diagnostic AI — often containing millions of chest X‑rays, mammograms, or CT slices — are also used to train these generative models. If a malicious actor gains access to the training data, they can produce fakes tailored to a specific hospital’s imaging protocols. The research was published in the RSNA journal and covered by multiple outlets, confirming that the threat is being taken seriously by the radiology community.

Beyond deepfakes, the widespread use of medical imaging AI raises other classic privacy concerns. Many AI models require large volumes of patient data to improve their accuracy. That data is often shared with third‑party vendors, cloud providers, or research partners. While de‑identification is standard practice, it is not foolproof. Researchers have shown that individuals can sometimes be re‑identified from supposedly anonymized scans, especially when the images are combined with metadata such as age, sex, and body shape.

Why it matters

If a deepfake X‑ray can be injected into a patient’s record, several bad outcomes become possible:

  • Fraud and identity theft. A fake scan could be used to submit false insurance claims, or to support a fraudulent medical history for someone else.
  • Misdiagnosis and harm. Altered images could delay treatment or lead to unnecessary procedures if a physician relies on data that is not real.
  • Erosion of trust. Patients need to believe that their medical images accurately represent their health. If that trust breaks down, it could discourage people from seeking timely care.

The problem is compounded by the fact that HIPAA, the main U.S. health privacy law, was written long before generative AI existed. HIPAA requires healthcare providers to safeguard protected health information and gives patients the right to access their records. But it does not directly address the use of AI to create synthetic images, nor does it require notification when an image has been altered by an algorithm. Patients may assume their data is secure when, in reality, their imaging history could be used to train models without explicit consent — or even tampered with by bad actors.

What readers can do

You don’t need to become a cybersecurity expert, but a few practical steps can help you stay in control of your medical imaging data.

  1. Ask about data practices before your scan. When you schedule an X‑ray or MRI, ask the imaging center: “How is my data stored? Is it shared with any AI vendors? Can I opt out of having my images used for research or algorithm training?” Many facilities have patient consent forms that cover these uses. Read them carefully.

  2. Monitor your health records regularly. Most health systems now offer patient portals where you can view imaging reports and sometimes the images themselves. If something looks out of the ordinary — a scan date that doesn’t match your visit, or a finding you never discussed with a doctor — contact your provider immediately.

  3. Understand your HIPAA rights. You have the right to request an accounting of disclosures of your health data. If you suspect your images have been shared without authorization, ask for a list of who accessed them and why. Also remember that HIPAA’s protections apply mainly to covered entities (hospitals, insurers), not to every company that processes your data.

  4. Be cautious about third‑party apps. Some wellness or telemedicine apps offer “analyze your X‑ray” features. Uploading your scans to such services may expose them to additional privacy risks. Only share medical images through channels your provider officially supports.

  5. Support stronger regulation. Write to your elected representatives or follow organizations like the Electronic Privacy Information Center (EPIC) that advocate for updates to health data laws. Specific changes, such as requiring transparency when AI is used on patient data and criminalizing the creation of fake medical images, would help close the gaps.

Sources

  • Deepfake X‑Rays Fool Radiologists and AI, Radiological Society of North America (RSNA), March 2026.
  • RSNA 2025 Technical Exhibits Feature Largest Radiology AI Showcase, RSNA, September 2025.
  • U.S. Department of Health and Human Services, HIPAA Privacy Rule.
  • Research on re‑identification risks of medical imaging data (multiple studies cited at RSNA and in peer‑reviewed journals).

The promise of AI in radiology is real, but so are the privacy risks it brings. Staying informed and asking the right questions is the best way to protect yourself without turning away from useful technology.