Medical imaging classification models are vulnerable to adversarial attacks and distributional shifts, compromising clinical reliability. To address this, we propose the Robust Training and Data Augmentation (RTDA) framework—a synergistic approach that unifies adaptive robust training with anatomical-structure-aware multimodal image augmentation for the first time. RTDA integrates gradient-regularized adversarial training, geometric and intensity-based augmentations, and cross-modal consistency constraints. Evaluated on benchmark datasets of mammography, X-ray, and ultrasound imaging, RTDA preserves clean accuracy above 94% while improving adversarial robustness by 18.7% on average and out-of-distribution generalization by 9.3%. Its core contribution lies in establishing a unified training paradigm that jointly optimizes clean accuracy, adversarial robustness, and out-of-distribution generalization—thereby advancing the clinical deployability of medical AI systems.

Deep neural networks are increasingly being used to detect and diagnose medical conditions using medical imaging. Despite their utility, these models are highly vulnerable to adversarial attacks and distribution shifts, which can affect diagnostic reliability and undermine trust among healthcare professionals. In this study, we propose a robust training algorithm with data augmentation (RTDA) to mitigate these vulnerabilities in medical image classification. We benchmark classifier robustness against adversarial perturbations and natural variations of RTDA and six competing baseline techniques, including adversarial training and data augmentation approaches in isolation and combination, using experimental data sets with three different imaging technologies (mammograms, X-rays, and ultrasound). We demonstrate that RTDA achieves superior robustness against adversarial attacks and improved generalization performance in the presence of distribution shift in each image classification task while maintaining high clean accuracy.