Your Medical Scans Could Be Leaking Private Data: What to Know About AI and Imaging

If you’ve had an X-ray, MRI, or CT scan recently, there’s a good chance an artificial intelligence tool helped analyze the results. AI in radiology can speed up diagnoses and catch things the human eye might miss. But there’s a catch: the same technology that makes imaging more powerful also creates new risks for your personal health data.

A recent report from the Radiological Society of North America (RSNA) warns that the rapid adoption of AI in medical imaging has opened a “Pandora’s box” of privacy-related risks. The problem isn’t the AI itself, but how the data used to train and run these tools is handled. If you’re a patient who values privacy, this is worth understanding.

What Happened

In May 2026, the RSNA published a detailed analysis of privacy vulnerabilities in AI-powered medical imaging. The report highlights several ways patient data can be exposed:

  • Third-party vendors: Many hospitals use AI tools developed by outside companies. When your scan is sent to the cloud for analysis, it may travel through servers you know nothing about.
  • Model training: AI models improve by learning from large datasets. Sometimes those datasets include images that are supposed to be de-identified, but researchers have repeatedly shown that faces or other identifiable features can be reconstructed from scan data.
  • Re-identification risks: Even after direct identifiers (name, date of birth) are stripped, metadata or biometric patterns in the image itself can be linked back to you.

The RSNA is not alone in raising these concerns. Academic studies have demonstrated that re-identification is possible using facial contours visible in CT and MRI scans. The more data an AI system ingests, the greater the potential for leaks.

Why It Matters

Your medical imaging data is not just a picture of your bones or organs. It can reveal your face shape, age, sex, and even your genetic predispositions. Once that data leaves your provider’s system, you lose control over where it ends up.

Data breaches in healthcare are already common. Adding AI pipelines means more points of entry for attackers. If a hospital uses a cloud-based AI service without strong encryption or access controls, a breach could expose thousands of scans at once. The consequences go beyond embarrassment: health insurance discrimination and employment bias are real possibilities if sensitive health information surfaces.

Current regulations like HIPAA in the United States and GDPR in Europe cover health data, but they were written before AI became widespread. The RSNA report notes that enforcement is inconsistent, and many consent forms do not explicitly mention AI use. Patients often have no idea their scan might be used for training.

What Readers Can Do

You don’t need to be a privacy expert to take simple precautions. Here’s what you can ask before your next imaging appointment:

  1. Ask if AI will be used – Not all providers use AI. If they do, ask who makes the software and whether your data leaves the facility.
  2. Request a data use policy – Some hospitals have public documents explaining how they handle imaging data. Ask for a copy or look on their website.
  3. Opt out of research use – Many institutions allow you to refuse to have your data used for AI training or research. You may need to sign a specific form.
  4. Inquire about de-identification methods – Ask whether the provider strips identifiers before sharing scans with third parties. “De-identified” isn’t always ironclad, but it’s better than nothing.
  5. Check for a patient portal – See if you can access your imaging records directly. Knowing what’s there helps you monitor for suspicious access.

On a broader level, support policies that require transparency. The RSNA report itself is a step toward better standards, but change takes time. In the meantime, stay informed and ask questions.

Sources

  • Radiological Society of North America (RSNA). “Medical Imaging AI Opens a Pandora’s Box of Privacy-Related Risks.” May 20, 2026.
  • Various academic re-identification studies cited within the RSNA report and broader literature on medical imaging privacy.