Langdon & Company; Michigan Medicine Announce Data Breaches
A cyberattack has been announced by the North Carolina accountancy firm Langdon & Company, and Michigan Medicine has experienced a mailing incident that exposed patient information.
Langdon & Company, North Carolina
Langdon & Company, LLP, a certified public accountancy firm based in Garner, North Carolina, has recently notified 46,061 individuals about a breach of some of their protected health information. Langdon & Company is a business associate of Easterseals North Carolina & Virginia, which provides services to individuals with disabilities.
Unusual network activity was identified by the accountancy firm on April 28, 2024. Cybersecurity experts were engaged to investigate and determine the nature and scope of the activity. The forensic investigation revealed unauthorized network access between April 21, 2024, and April 28, 2024, during which time files were exfiltrated from its network.
It has taken more than a year to review the affected files and issue notification letters. Langdon & Company said the delay was due to the extensive analysis required to review all the affected data. The data review was not finalized until June 3, 2025, and notification letters were mailed on or around August 1, 2025. The data involved varied from individual to individual and may have included names in combination with one or more of the following: address, birth date, taxpayer identification number, Social Security number, financial account information, medical information, health insurance information, and/or digital signature.
The affected individuals have been offered complimentary credit monitoring and identity theft protection services, steps have been taken to improve data security, and any information that does not need to be retained for business purposes or legal reasons is being destroyed.
Michigan Medicine
Michigan Medicine has notified 1,015 patients about the exposure of a limited amount of their protected health information as a result of a mailing error. On June 27, 2025, potential participants in a research study were contacted by mail regarding the study. The requests were sent on postcards, which were not in envelopes, resulting in the exposure of protected health information to anyone who may have come into contact with the postcards. When the error was identified, the research study staff took immediate action to prevent any further postcards from being mailed.
An investigation of the incident revealed that the University of Michigan’s Institutional Review Board (IRB), which is responsible for oversight of research studies, had mistakenly approved the use of postcards for contacting study participants. The IRB is taking steps to ensure that similar incidents are prevented in the future, including improving education about protecting PHI in communication materials.
Michigan Medicine has experienced eight reportable data breaches since 2018 that have affected more than 500 individuals, including two phishing incidents last year that each affected more than 50,000 individuals. “We take patient privacy very seriously, and we regret this incident. Whenever situations like this occur, we immediately take steps to investigate,” said Jeanne Strickland, Michigan Medicine Chief Compliance Officer. “We will analyze this incident and review our safeguards and make changes if needed to protect those we care for.”


