Moldova's national health insurance agency, the National Health Insurance Company (CNAM — Compania Națională de Asigurări în Medicină), has publicly disclosed a cyberattack that occurred several weeks prior, confirming that technical assessments indicate a possible theft of limited information. The agency says it is working with national cybersecurity authorities to assess the full scope of the incident.
Incident Details
The CNAM announced that it detected unauthorized access to its systems some weeks before the public disclosure. Upon discovery, the agency engaged technical teams to investigate the intrusion and assess what data may have been accessed or exfiltrated. The organization described the potential data theft as involving "limited information," though it has not publicly specified the exact categories of data involved.
CNAM is responsible for administering Moldova's compulsory health insurance system, which covers the vast majority of the country's approximately 2.6 million residents. The agency holds sensitive personal and medical information including policyholder identities, insurance contribution records, medical service utilization data, and healthcare provider relationships.
Delayed Public Disclosure
The gap between the incident's occurrence and its public disclosure — described as "several weeks" — follows a pattern seen in many public sector cyberattack notifications globally. Organizations often delay disclosure while conducting internal technical assessments to understand the scope before notifying the public and regulators.
In Moldova's context, the National Cybersecurity Authority (ANSC) would typically be notified and engaged as part of the incident response. The agency's framing of the data theft as "possible" and "limited" suggests the investigation is ongoing and the full picture has not yet been established.
Potential Impact on Policyholders
While CNAM has characterized the scope as limited, even partial exposure of health insurance data carries significant risk for affected individuals. Health insurance records typically contain a combination of:
- Full legal names and national identification numbers — enabling identity fraud
- Date of birth and contact details — useful for targeted phishing
- Medical service histories and insurance claims — enabling medical identity theft
- Financial contribution records — potentially exposing income and employment information
- Healthcare provider assignments — allowing social engineering of patients or providers
For citizens in Moldova, where digital identity infrastructure may offer fewer immediate remediation tools than in Western Europe, the consequences of health data exposure can be difficult to address quickly.
Healthcare Sector as a Persistent Target
Moldova's CNAM incident is the latest in an ongoing series of cyberattacks against healthcare-adjacent government agencies across Eastern and Central Europe. State-sponsored threat actors with interests in the region — including Russian-aligned groups — have consistently targeted government services, critical infrastructure, and healthcare systems in Moldova and neighboring countries.
The broader Eastern European healthcare sector has faced heightened threat activity in the context of the ongoing geopolitical instability in the region. Healthcare agencies make attractive targets because they hold large volumes of sensitive personal data and often operate on legacy infrastructure with limited security budgets.
What Affected Individuals Should Watch For
Moldovan citizens enrolled in the national health insurance system should remain alert to:
- Unsolicited contact purporting to be from CNAM, healthcare providers, or government agencies asking for personal information
- Phishing emails or SMS messages using personal details that suggest the sender has access to their insurance or medical records
- Unexpected medical billing or insurance claims for services not received — a sign of medical identity theft
- Social engineering attempts targeting their healthcare providers using stolen policyholder data
Official Response
The CNAM has indicated it is cooperating with national cybersecurity authorities and conducting an ongoing technical investigation. The agency has not specified whether it will directly notify affected policyholders or what remediation steps it will offer. Further updates are expected as the investigation progresses.
Moldova's ANSC (Agenția Națională pentru Securitate Cibernetică) has not issued a separate public statement at the time of writing, though it is expected to be involved in the response and attribution effort.