Medical data of minorities could be more vulnerable to cyberattack

MIA and evaluation strategies. Credit: Nature (2026). DOI: 10.1038/s41586-026-10688-0

Individuals whose data are used to train medical artificial intelligence (AI) models may be at risk of being identified in cyberattacks, according to a Nature paper. Underrepresented groups may face disproportionately higher risks of having their data compromised, the study indicates. The researchers found these individuals are not accounted for in current risk assessments and call for further mitigation and strict access control.

Medical AI models may improve global health outcomes, especially in areas in which specialized expertise is not available. Yet the sensitive data used to train these models may be exposed to privacy attacks.

Membership inference attacks (MIAs) are used by attackers to determine whether an individual's data were used to train a model. From these attacks, a patient's medical data and private information can be determined. Previous research on data risk has been based on whole datasets and does not take an individual's risk into account.

Moritz Knolle and colleagues conducted a privacy audit focused on individual privacy risk, finding that medical AI models may pose a privacy risk to individual data contributors.