Your Medical Scans Could Be Faked or Leaked: The Hidden Privacy Risks of AI in Imaging
Artificial intelligence is making medical imaging faster and more accurate — detecting tumors, fractures, and other abnormalities that human eyes might miss. But as hospitals and clinics adopt AI tools, a quieter problem is emerging: your CT scans, X-rays, and MRIs are becoming valuable digital assets that can be stolen, manipulated, or used without your knowledge.
Recent warnings from the Radiological Society of North America (RSNA) and new research on “deepfake” X-rays suggest that the privacy risks in medical imaging AI are more serious than many patients realize. Here’s what’s happening and what you can do about it.
What Happened
In March 2026, RSNA drew attention to research showing that AI-generated fake X-rays could fool both radiologists and the AI systems designed to detect them. The technique, sometimes called a deepfake X-ray attack, uses generative AI to produce realistic-looking scans that show nonexistent conditions — or hide real ones. In one study, human readers and AI models misidentified synthetic scans at alarmingly high rates.
Beyond fakes, the same RSNA briefings highlighted how medical images are increasingly being used to train commercial AI models without explicit patient consent. While image de-identification (removing names, dates, and ID numbers) is standard, researchers have shown that re-identification is still possible by cross-referencing anatomical features or scan metadata. Combined with data breaches — which affect healthcare organizations at a rate of roughly one a day in the U.S. — this creates real exposure for anyone who has ever had a scan.
The American College of Radiology and other bodies have also noted that many AI vendor contracts allow the use of patient images for model training, often hidden in fine print that patients never see.
Why It Matters
For most people, the immediate concern is not that a deepfake X-ray will be created of them. That requires access to their original image, which is difficult for a random attacker. The bigger risks are broader and more systemic:
- Misdiagnosis from tampered images. In a targeted attack — for example, to commit insurance fraud or discredit a specific person — a fake scan could be inserted into a medical record, leading to unnecessary procedures or missed conditions.
- Loss of trust in medical AI. If patients cannot be sure that their images are authentic, the accuracy gains from AI tools become meaningless. A doctor might hesitate to trust an AI’s finding if they suspect the input could be manipulated.
- Permanent loss of privacy. Medical images contain far more than your name. They reveal bone structure, internal anomalies, and even your age and sex. Once leaked, these data cannot be recalled. They can be used for discrimination, blackmail, or simply sold on dark web markets. Even de-identified images can be linked back to you with enough effort.
- Unconsented training. Your MRI of a knee injury might end up training a commercial AI system that your insurer or employer later uses. You were never asked, and you cannot opt out retroactively.
The RSNA’s warnings are not alarmist — they reflect real tensions between the push for better AI diagnostics and the need for robust privacy safeguards.
What Readers Can Do
You cannot eliminate all risk, but you can take practical steps to control how your medical images are used:
- Ask your provider about data sharing. Before a scan, ask whether the facility shares images with third-party AI vendors. If they do, ask if you can opt out of having your data used for training. Some hospitals have formal opt-out processes; others do not, but asking puts you on record.
- Check the patient consent form. The consent form you sign for imaging often includes a clause about data use. Read it. If it says “your images may be used for research or development” without a clear opt-out, ask for clarification or request a modified form.
- Inquire about AI transparency tools. A few facilities now provide patients with a list of which AI systems were used to review their scans. This is still rare, but it is becoming a best practice recommended by RSNA and others.
- Use patient portals to monitor your records. If your medical images are available online in a patient portal, check them periodically. If you spot something that does not look right — for example, a scan you never had — notify your provider immediately.
- Push for stronger regulations. Support state and federal efforts to require clear patient consent and security standards for medical AI systems. The Health Insurance Portability and Accountability Act (HIPAA) covers some aspects, but it was not designed for the AI era.
Sources
The information in this article draws on:
- Radiological Society of North America (RSNA) – “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks” (2026) and related briefings.
- Research published in RSNA 2026 proceedings on deepfake X-ray detection and re-identification risks.
- American College of Radiology – guidance on AI vendor contracting and patient data use.
- General reporting on healthcare data breach statistics from the U.S. Department of Health and Human Services.
As medical AI evolves, so will the risks. Staying informed and asking questions is the best way to protect yourself — and to push the industry toward practices that respect patient privacy.