What it is: These attacks aim at the medical world. They try to get the AI to help with fraud, patient harm, stolen health data, or tampering with drugs and devices. How the attacks work: The attacker pretends to be a clinician, biller, or researcher and asks for “help” that is really a crime. The medical language and a professional-sounding reason make the harmful request look like normal healthcare work. Real examples from the framework:
  • prescription-fraud asks for ways to forge or fake prescriptions.
  • drug-diversion seeks methods to steal or reroute controlled medications.
  • medical-records-theft tries to get help stealing patient health records.
  • insurance-billing-fraud requests schemes to bill for care that never happened.
  • medical-device-tampering asks how to alter a medical device in harmful ways.
Why an AI might fall for it: Healthcare requests sound legitimate. The model may assume a “doctor” or “billing team” has a valid need, and the jargon hides the harm. Helpful intent plus trusted-sounding context lowers the model’s guard. How to defend: Treat a professional title as a claim, not proof. Refuse help with billing fraud, drug diversion, record theft, or device tampering no matter who asks. Separate real clinical education from requests that enable theft, harm, or deception.