To address the challenges of domain-task mismatch and low watermarking efficiency in copyright protection for medical pre-trained language models (Med-PLMs), this paper proposes the first training-free, backdoor-based watermarking framework. Methodologically, it employs low-frequency words as semantically consistent triggers and performs lightweight watermark embedding via targeted replacement in the medical terminology embedding layer. A task-aware watermark extraction mechanism is introduced, coupled with robustness-enhancing strategies against pruning, fusion removal, and model extraction attacks. Key contributions include: (i) complete training-free deployment, (ii) domain-adaptive design tailored to medical NLP, and (iii) customizable watermarking across diverse downstream tasks. Experiments demonstrate that watermark embedding requires only 10 seconds, achieves >99% detection accuracy across multiple medical NLP benchmarks, and maintains strong robustness against state-of-the-art backdoor removal attacks.

With the advancement of intelligent healthcare, medical pre-trained language models (Med-PLMs) have emerged and demonstrated significant effectiveness in downstream medical tasks. While these models are valuable assets, they are vulnerable to misuse and theft, requiring copyright protection. However, existing watermarking methods for pre-trained language models (PLMs) cannot be directly applied to Med-PLMs due to domain-task mismatch and inefficient watermark embedding. To fill this gap, we propose the first training-free backdoor model watermarking for Med-PLMs. Our method employs low-frequency words as triggers, embedding the watermark by replacing their embeddings in the model's word embedding layer with those of specific medical terms. The watermarked Med-PLMs produce the same output for triggers as for the corresponding specified medical terms. We leverage this unique mapping to design tailored watermark extraction schemes for different downstream tasks, thereby addressing the challenge of domain-task mismatch in previous methods. Experiments demonstrate superior effectiveness of our watermarking method across medical downstream tasks. Moreover, the method exhibits robustness against model extraction, pruning, fusion-based backdoor removal attacks, while maintaining high efficiency with 10-second watermark embedding.