Sanger Skilled Care, LLC d/b/a Cornerstone Care Center (“Cornerstone”) recently disclosed a cybersecurity incident involving unauthorized access to a user account that may have exposed protected health information (“PHI”). According to the organization, suspicious activity was identified in April 2026, and an investigation later determined that certain patient information may have been accessed by an unauthorized third party. Although Cornerstone states there is currently no indication that the information has been misused, affected individuals are being offered complimentary credit monitoring services through Cyberscout.
Cornerstone Care Center’s Data Breach Investigation
According to the notification issued by Cornerstone Care Center, the organization became aware of unauthorized activity involving one user account on or around April 7, 2026. Upon discovering the activity, Cornerstone reportedly acted quickly to contain the incident and engaged a third-party forensic firm to investigate the nature and scope of the unauthorized access.
Following a detailed forensic investigation, Cornerstone determined on April 16, 2026, that a limited amount of protected health information maintained in the normal course of business may have been accessed by an unauthorized third party in connection with the incident.
Although the organization stated that there is currently no evidence suggesting misuse of affected information, healthcare-related data breaches can create serious risks involving identity theft, medical fraud, insurance fraud, phishing attempts, and unauthorized disclosure of confidential medical information.
The notice did not publicly specify all categories of information involved, stating only that one or more types of personal and protected health information may have been impacted. Healthcare providers and skilled nursing facilities often maintain sensitive information such as names, medical information, insurance records, billing data, and treatment details, which can be highly valuable to cybercriminals.
Cornerstone stated that it took immediate action after discovering the incident, including containing the unauthorized activity, conducting a thorough investigation, and implementing additional safeguards to help protect information moving forward. The organization also arranged for complimentary credit monitoring services through Cyberscout, a TransUnion company, for affected individuals.
Healthcare providers and care centers are increasingly targeted by cyberattacks because of the large amount of sensitive patient information stored within their systems. Even when organizations do not identify confirmed misuse of the exposed information, affected individuals may still face long-term privacy and identity theft risks.
When Did This Breach Occur?
Cornerstone Care Center discovered unauthorized activity involving a user account on or around April 7, 2026.
Following a forensic investigation, the organization determined on April 16, 2026, that protected health information may have been accessed by an unauthorized third party.
What Information Was Breached?
According to Cornerstone Care Center, the potentially exposed information may have included protected health information maintained in the normal course of business.
The notice states that one or more categories of sensitive information may have been involved, although the full list of affected data elements was not publicly disclosed.
Potentially impacted information may have included:
- Protected health information (PHI)
- Personal identifying information
- Medical or healthcare-related information
The organization stated that there is currently no evidence indicating misuse of the information.
What You Can Do
If you received a notice from Cornerstone Care Center regarding this incident, there are several important steps you can take to help protect your information:
- Enroll in the complimentary 12 months of online credit monitoring services offered through Cyberscout, a TransUnion company.
- Monitor financial accounts, insurance records, and medical statements for suspicious activity.
- Review explanation-of-benefits statements and healthcare billing records for unfamiliar services or charges.
- Consider placing a fraud alert or security freeze with Equifax, Experian, and TransUnion.
- Obtain free annual credit reports through AnnualCreditReport.com.
- Change passwords associated with healthcare portals and sensitive online accounts.
- Remain cautious of phishing emails, phone calls, or text messages requesting personal or medical information.
- Promptly report suspicious activity to healthcare providers, insurers, financial institutions, or law enforcement authorities.
Cornerstone also encouraged affected individuals to remain vigilant by regularly reviewing account statements and credit histories for suspicious or unauthorized activity.
File a Data Breach Lawsuit Against Cornerstone Care Center
Individuals affected by the Cornerstone Care Center data breach may have legal rights and could qualify to pursue compensation related to the exposure of their sensitive personal and medical information. Data breach lawsuits may seek compensation for identity theft risks, medical privacy concerns, out-of-pocket expenses, time spent responding to fraud concerns, and loss of privacy.
Healthcare providers and skilled nursing facilities are expected to maintain strong cybersecurity safeguards to protect patient records and confidential medical information from unauthorized access. When those safeguards fail, affected individuals may face ongoing financial and privacy risks.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.
