Cyberattack on Moldova’s Health Insurance System Raises Concerns Over Data Theft
Moldova’s National Health Insurance Company (CNAM) confirmed a cyberattack this week, revealing that hackers may have exfiltrated limited data from its systems. The incident, which occurred several weeks ago, was contained quickly, with CNAM stating that the integrity of its core database remained intact and that healthcare services were not disrupted.
However, Moldova’s cybersecurity officials painted a more severe picture. Ion Vintilă, deputy director of the country’s cybersecurity agency, told local media that the attack may have compromised up to one-third of CNAM’s database, which includes personal information and payment records tied to the national healthcare system. No ransom demands have been received, leading authorities to suspect the breach was motivated by espionage rather than financial gain. Vintilă suggested possible external involvement, including potential links to Russian actors.
CNAM oversees Moldova’s mandatory health insurance system, managing contributions and reimbursements for hospitals, clinics, and pharmacies. The attack is the most serious among multiple cyber incidents targeting Moldova’s critical infrastructure this year.
Since Russia’s full-scale invasion of Ukraine in 2022, Moldova a nation of 2.4 million bordering Ukraine and Romania has faced a surge in cyberattacks and influence operations. Authorities allege these efforts aim to destabilize state institutions and undermine the pro-European government of President Maia Sandu. No further public statements have been issued by Moldova’s cybersecurity agencies or health ministry.
Source: https://therecord.media/moldova-health-insurance-agency-reports-possible-data-leak-cyberattack
Ministry of Labour and Social Protection of Moldova cybersecurity rating report: https://www.rankiteo.com/company/ministry-of-health-labour-and-social-protection-of-moldova
"id": "MIN1777559026",
"linkid": "ministry-of-health-labour-and-social-protection-of-moldova",
"type": "Cyber Attack",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Up to one-third of CNAM’s '
'database (potentially millions '
'of records)',
'industry': 'Healthcare/Insurance',
'location': 'Moldova',
'name': 'National Health Insurance Company (CNAM)',
'type': 'Government Agency'}],
'data_breach': {'data_exfiltration': 'Suspected',
'number_of_records_exposed': 'Up to one-third of CNAM’s '
'database',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal information',
'Payment records']},
'description': 'Moldova’s National Health Insurance Company (CNAM) confirmed '
'a cyberattack that may have exfiltrated limited data from its '
'systems. The incident was contained quickly, with core '
'database integrity intact and no disruption to healthcare '
'services. However, cybersecurity officials suspect up to '
'one-third of CNAM’s database, including personal information '
'and payment records, may have been compromised. The attack is '
'believed to be motivated by espionage, possibly involving '
'Russian actors.',
'impact': {'data_compromised': 'Personal information and payment records',
'identity_theft_risk': 'High (due to personal information '
'exposure)',
'operational_impact': 'No disruption to healthcare services',
'payment_information_risk': 'High (due to payment records '
'exposure)',
'systems_affected': 'National Health Insurance Company (CNAM) '
'database'},
'investigation_status': 'Ongoing',
'motivation': 'Espionage',
'ransomware': {'data_exfiltration': 'Suspected',
'ransom_demanded': 'No',
'ransom_paid': 'No'},
'references': [{'source': 'Local media reports'}],
'response': {'containment_measures': 'Quick containment of the attack'},
'threat_actor': 'Russian actors (suspected)',
'title': 'Cyberattack on Moldova’s Health Insurance System',
'type': 'Data Breach'}