AI Can Now Alter Medical Scans: What Patients Should Know

Medical imaging has long been considered one of the most trustworthy sources of diagnostic information. X-rays, CT scans, and MRIs are treated as objective evidence that doctors and patients rely on for decisions about treatment. But recent research from the Radiological Society of North America (RSNA) shows that AI can now create deepfake X-rays that fool both radiologists and AI detection algorithms. This development raises serious questions about the privacy and integrity of your medical images.

What Happened

Researchers demonstrated that AI tools can manipulate medical images in ways that are virtually undetectable to the human eye. In one study, a deepfake X-ray was injected with a tumor-like anomaly that both experienced radiologists and automated screening systems failed to identify as fake. The same techniques can be used to remove real abnormalities, potentially causing missed diagnoses or false claims of disease.

The ability to alter medical scans isn’t theoretical anymore. It’s a proven capability, and the tools required are becoming more accessible. While the research focused on radiology, similar methods could apply to other imaging modalities like pathology slides or dermatology photos.

Why It Matters

The privacy risks go beyond the obvious concern of someone faking an injury for insurance fraud. Your medical images contain a detailed, unique map of your body. They can reveal information about your health, your anatomy, and even your identity. If these images are compromised:

  • Fraud and misinformation: Altered scans could be used to claim you have a condition you don’t, or to hide a real diagnosis. This could affect insurance coverage, employment, or legal proceedings.
  • Data exposure: Many hospitals and imaging centers store scans in cloud-based systems or share them across networks. These systems have been targeted in data breaches before. Once a scan is leaked, someone with AI tools could alter it and then present the fake as authentic.
  • Loss of trust: If patients cannot trust that their scans haven’t been tampered with, the entire diagnostic process becomes less reliable. This is especially concerning for people with chronic conditions who have many scans over time.

Current regulations like HIPAA were designed for an era before AI-generated deepfakes. HIPAA focuses on protecting the confidentiality of your health information, but it does not address the integrity of that information—whether it has been altered after it was created. Patients have limited legal recourse if a scan is manipulated without their knowledge.

What You Can Do

As a patient, you can take practical steps to reduce the risk of your medical images being misused:

  • Ask about storage and sharing. Before an imaging procedure, ask the facility how your images are stored, who has access, and whether they are transmitted over secure networks. If they use cloud-based services, ask about encryption and audit logs.
  • Request anonymization when possible. For research or second-opinion consults, your images can often be stripped of identifying metadata. This reduces the chance of a breach linking the image back to you.
  • Use patient portals securely. If your hospital offers a portal to view your images, enable two-factor authentication and log out after each session. Avoid accessing your medical data on public Wi-Fi.
  • Get a second opinion on major diagnoses. If a scan shows a serious finding, consider having a second radiologist review the original image. Some facilities now offer digital signature or blockchain-based verification for scans, which makes tampering easier to detect.
  • Be careful about sharing images on social media. Posting a scan for medical advice or awareness campaigns may expose you to misuse. If you must share, remove any visible patient identifiers and consider using a free online tool to blur or crop sensitive areas.
  • Ask if AI is used in your diagnosis. Informed consent should include knowing whether an AI algorithm is assisting your radiologist. Some AI tools are vulnerable to adversarial attacks that could manipulate outputs.

The Bottom Line

The rise of AI in medical imaging opens a Pandora’s box of privacy-related risks that patients and providers are only beginning to understand. Deepfakes are no longer just a problem for politicians and celebrities—they can reach into your X-ray file. Until regulations catch up and security standards are updated, individual vigilance is the best defense. By asking the right questions and taking basic precautions, you can help protect the integrity of your most sensitive health data.

Sources: Radiological Society of North America (RSNA) research on deepfake X-rays; HIPAA Privacy Rule overview from HHS; industry reports on medical imaging cybersecurity.