Moldova’s health insurance agency reports possible data leak after cyberattack

Moldova’s National Health Insurance Company (CNAM) confirmed this week that it had suffered a cyberattack that may have resulted in the exfiltration of some data.

The agency said the incident occurred several weeks ago and that technical assessments indicated a possible theft of limited information. CNAM said in a statement to local broadcaster TVR Moldova that the affected system was secured quickly and that the integrity of its database remained intact.

The agency added that the attack did not disrupt the work of hospitals or other medical institutions that rely on the national insurance system.

However, Moldova’s cybersecurity officials have suggested the incident may be more serious. Ion Vintilă, deputy director of the country’s cybersecurity agency, told local media earlier this week that the attack may have affected about one-third of CNAM’s database, which contains personal information and payment records related to the healthcare system.

Authorities have not received any ransom demands, Vintilă said, raising questions about whether the operation was motivated by financial gain.

“No messages were sent for data recovery or demands for money. We believe that this could be a well-developed plan to steal sensitive information,” he told TVR Moldova, adding that officials were considering the possibility of external involvement, including potential links to actors from Russia.

CNAM administers Moldova’s compulsory health insurance system, collecting contributions and reimbursing hospitals, clinics and pharmacies for medical services.

Vintilă said several cyberattacks have targeted Moldova’s critical infrastructure since the beginning of the year, but the incident involving the medical database appeared to be the most serious.

Neither Moldova’s cybersecurity agencies nor the health ministry have issued public statements about the incident.

Moldova, a country of about 2.4 million people between Ukraine and Romania, has faced an increase in cyberattacks and influence operations since Russia’s full-scale invasion of Ukraine in 2022. Authorities say many of these efforts are aimed at disrupting state institutions and undermining trust in the pro-European government of President Maia Sandu.