From detecting pneumonia on a chest X-ray to assessing whether a dark spot on the skin is benign or malignant, medical AI systems are playing an increasingly important role in clinical diagnosis. Unfortunately, the models used to train these AI systems are often victims of cyberattacks, specifically membership inference attacks (MIAs), which can lead to people’s personal information being stolen or revealed.

In a recent study, researchers conducted a first-ever patient-level privacy audit to see how easily individual patients could be identified from the underlying data used to train medical AI models.

At first glance, an AI model may appear to protect everyone’s privacy equally well, but a closer look reveals a different story. Researchers found that attackers can identify certain individual patients with near-perfect accuracy, exposing a hidden unfairness in privacy.