CNLD Neuropsychology Data Breach 2026 (Qilin Ransomware): 3,722 Michigan Pediatric Patients Exposed. 150 GB Claimed. What To Do
The Center for Neuropsychology, Learning & Development (CNLD), an Ann Arbor, Michigan practice serving children, teens, and adults for ADHD, autism, and learning disability testing, was attacked by the Qilin ransomware group in October 2025. The group claims 150 GB exfiltrated. Names, contact information, dates of birth, medical and therapy records, insurance, and billing data for 3,722 patients exposed. Pediatric mental-health records are particularly sensitive. Here is what to do.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Oct 30, 2025
Qilin lists CNLD on dark-web leak site
Oct 30, 2025
Attacker gained access
Oct 30, 2025
Breach detected
Jan 9, 2026
HHS OCR filing
Oct 30, 2025
Qilin lists CNLD on dark-web leak site
Oct 30, 2025
Attacker gained access
Oct 30, 2025
Breach detected
Jan 9, 2026
HHS OCR filing
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
What happened
The Center for Neuropsychology and Learning, PC — known as CNLD Neuropsychology — is an Ann Arbor, Michigan practice founded around 1995 by Dr. Roger Lauer. The practice has approximately 15 clinicians serving children, teens, adults, families, and geriatric patients across ADHD, autism spectrum disorder, learning disabilities (dyslexia, dyscalculia, dysgraphia), anxiety, depression, bipolar disorder, dementia and memory impairment, executive function, and trauma/PTSD.
A vulnerable pediatric population is core to CNLD’s book of business — neuropsychological testing is used for special-education advocacy, IEP and 504 plan support, and developmental diagnosis.
On October 30, 2025, the Qilin ransomware group (also known as Agenda) posted CNLD to its dark-web leak site with the standard threat: “The full leak will be published soon, unless a company representative contacts us via the channels provided.” Multiple ransomware trackers concur on this date. Qilin is a Russian-linked ransomware-as-a-service group that was the most active ransomware family in October 2025.
CNLD filed with HHS OCR on January 9, 2026 — confirming 3,722 affected individuals. The 71-day gap between the public leak-site listing and the OCR filing is consistent with a late-October intrusion and the ~60-day HIPAA notification clock.
Qilin claims approximately 150 GB exfiltrated per BreachSense reporting.
Why pediatric neuropsychological records are uniquely sensitive
CNLD’s exposed records likely include some of the most stigmatizing categories of PHI:
- Pediatric neuropsychological test protocols and raw scores (WISC, WIAT, WAIS)
- IQ scores tied to identifiable children
- ADHD, ASD, and specific learning disability diagnoses
- Psychotherapy notes
- School records and IEP / 504 documentation
These records can follow a child through school placement, college admissions, military eligibility, and adult employment background checks. Exposure of childhood cognitive testing data has effectively permanent reputational consequences.
What was stolen
Per BreachSense aggregation (entity has not posted a notice on cnld.org as of mid-May 2026):
- Full name
- Contact information
- Date of birth
- Medical / therapy records
- Insurance / billing information
- Employee / HR data
SSN exposure is not confirmed in public reporting — read your specific notification letter carefully.
What CNLD is offering
As of mid-May 2026, CNLD has not posted a security-incident page or breach notice on cnld.org. Credit-monitoring vendor and call center information are not located in public sources. No notification letter copy has been published via Maine AG, California AG, Massachusetts AG, or Vermont AG portals.
If you receive a CNLD notification letter, the letter will list what is being offered.
A class-action investigation was opened by Siri & Glimstad LLP and is now marked as “Investigation Closed” — this could indicate declination, settlement, or migration to a filed complaint. No federal docket has been located.
What to do
- Call CNLD at the number listed on cnld.org (734-994-9466) and ask whether they have mailed a substitute notice and what monitoring is offered.
- Place free credit freezes at Equifax, Experian, TransUnion as a baseline precaution.
- If your child was a CNLD patient, freeze their credit at all three bureaus (minors require manual outreach with proof of guardianship). Pediatric records create long-tail synthetic-identity-theft risk.
- Document any future surfacing of childhood test scores or diagnoses — Qilin’s “publish-or-pay” posture means exfiltrated data may circulate over time.
- Stop the ongoing flow of your neuropsychological and mental-health data. HealthConsent files HIPAA restriction requests so the pediatric testing, diagnostic, and psychotherapy data exposed in this breach is not continuously re-shared.
Continue reading
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- CNLD Neuropsychology Homepage
- BreachSense: CNLD Neuropsychology Data Breach
- RedPacket Security: Qilin Victim CNLD
- DeXpose: Qilin Strikes CNLD
- JoinClassActions: CNLD Class Action Listing
- HHS OCR Breach Portal
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.