If you were a patient at any Cornerstone Specialty Hospitals location and received a notice about a December 2023 data breach, you may be eligible to file a claim in a class action settlement reportedly worth $2.35 million. The case, *Mireles v. Cornerstone Healthcare Group Management Services LLC d/b/a Cornerstone Specialty Hospitals* (Case No. 3:24-cv-410-DJH), has an active claims portal where affected individuals can submit their claims for payment and credit monitoring services.
For someone whose Social Security number was exposed in the breach, this settlement represents a concrete path toward compensation — not just a letter in the mail to ignore. The breach itself was detected in mid-December 2023 and affected over 50,000 people across multiple states. Cornerstone operates 15 hospital locations in Arizona, Arkansas, Louisiana, Oklahoma, Texas, and West Virginia as part of the ScionHealth network, meaning the reach of this incident was substantial. This article walks through exactly what happened, who qualifies, how to file your claim, what benefits are available, and the deadlines you need to know about.
Table of Contents
- What Is the Cornerstone Specialty Hospitals Data Breach Settlement and Who Qualifies?
- What Personal Information Was Exposed in the Breach?
- How Did the Breach Happen and What Did Cornerstone Do About It?
- How to File Your Claim for Payment and Credit Monitoring
- Common Pitfalls and What Could Reduce Your Payout
- What Texas Residents Should Know
- The Bigger Picture for Healthcare Data Breaches
- Frequently Asked Questions
What Is the Cornerstone Specialty Hospitals Data Breach Settlement and Who Qualifies?
The settlement resolves a class action lawsuit filed in the U.S. District Court for the Western District of Kentucky, Louisville Division, after Cornerstone detected suspicious network activity and confirmed on December 19, 2023, that an unauthorized party had accessed its systems. The subsequent investigation, completed on May 30, 2024, revealed that personal information — including names, Social Security numbers, medical records, and financial account details — had been compromised. Cornerstone began notifying impacted patients in early July 2024, and the lawsuit followed shortly after. Eligibility is straightforward: if you received a notification letter from Cornerstone about the December 2023 data incident, you are likely a class member.
Initially, reports indicated at least 10,000 individuals were affected. However, a filing with the Texas Attorney General on November 6, 2024, revealed that 50,544 Texans alone were impacted, suggesting the total number of affected individuals across all six states is significantly higher. The official settlement website at [cshealthcaresettlement.com](https://www.cshealthcaresettlement.com/) has the full details on class membership and the claims process. To put this in perspective, compare this to other recent healthcare data breach settlements. Many resolve for far less per person because the class sizes are enormous. With a reported $2.35 million fund, the per-person payout depends entirely on how many people file claims — which is why filing early and correctly matters.
What Personal Information Was Exposed in the Breach?
The scope of compromised data in this breach is unusually broad, which is part of what makes it so serious. According to legal filings, the exposed information includes names, dates of birth, Social Security numbers, federal and state ID numbers, passport numbers, financial account information, credit and debit card numbers, digital signatures, email addresses and passwords, usernames and passwords, medical and health information, and health insurance details. That is not a minor leak — it covers nearly every category of sensitive personal data a hospital might hold. The inclusion of both financial data and protected health information (PHI) is particularly concerning.
A stolen credit card number can be replaced. A compromised Social Security number combined with your medical history and date of birth, however, opens the door to medical identity theft — where someone uses your information to obtain healthcare services, prescriptions, or insurance benefits under your name. This type of fraud can be harder to detect and more difficult to unravel than standard financial identity theft, and it can affect your own medical records in dangerous ways. If you were a Cornerstone patient and have not yet checked whether your information was involved, do not assume you are safe simply because you did not receive a letter. Notification processes can be delayed, and some letters go to outdated addresses. Contact Cornerstone directly or visit the [claims portal](https://cshealthcaresettlement.eagclaims.com/) to verify your eligibility.
How Did the Breach Happen and What Did Cornerstone Do About It?
Cornerstone detected suspicious network activity in mid-December 2023 and confirmed the breach on December 19, 2023. At that point, the hospital chain launched an investigation — a process that took until May 30, 2024, to complete. That five-month gap between detection and determining exactly what data was accessed is not unusual for breaches of this complexity, but it meant that affected patients were living with compromised information for months before being told. Notification letters began going out in early July 2024, roughly six and a half months after the breach was first detected.
For patients whose Social Security numbers and financial information were sitting exposed during that window, the delay is a legitimate grievance. Consider someone whose SSN was stolen in December 2023 but who did not learn about it until July 2024 — that is seven months during which a bad actor could have opened fraudulent accounts, filed false tax returns, or committed medical identity theft without the victim having any reason to monitor for it. Cornerstone is part of ScionHealth, a larger healthcare management company, which means institutional resources were available for the response. The lawsuit alleges that the company’s data security measures were inadequate to prevent the breach in the first place — a claim that the settlement resolves without Cornerstone admitting fault, as is standard in these cases.
How to File Your Claim for Payment and Credit Monitoring
Filing a claim requires visiting the official claims portal at [cshealthcaresettlement.eagclaims.com](https://cshealthcaresettlement.eagclaims.com/). You will need your unique notice ID, which was included in the notification letter Cornerstone sent you. If you have lost that letter, the settlement administrator should be able to help you look up your information — contact details are available on the [official settlement website](https://www.cshealthcaresettlement.com/). The settlement offers eligible class members both monetary payment and credit monitoring services. When choosing between a cash payment and credit monitoring — or potentially both, depending on the settlement terms — consider your actual exposure.
If your Social Security number was compromised, credit monitoring is arguably the more valuable benefit in the long run, even if the cash payment feels more immediate. Fraudulent activity stemming from a breach like this can surface months or even years later. On the other hand, if you already have credit monitoring through another service or a previous breach settlement, the cash payment may be more practical for you. One important note: the specific claim deadline was not publicly available in the materials I reviewed. Check the settlement website immediately, because data breach settlement deadlines are firm. Missing the deadline by even one day typically means forfeiting your right to compensation entirely, with no exceptions.
Common Pitfalls and What Could Reduce Your Payout
The biggest risk to your claim is simply not filing one. In most data breach settlements, the majority of eligible class members never submit a claim. That apathy benefits those who do file, since a smaller claims pool means a larger per-person payment from the settlement fund. But it also means thousands of people with genuinely compromised personal information walk away with nothing. Another common issue is incomplete documentation.
If the settlement allows claims for out-of-pocket expenses related to the breach — such as costs for credit freezes, time spent dealing with fraudulent accounts, or fees for identity theft protection you purchased on your own — you will need receipts or records to support those claims. Start gathering that documentation now, even before you file. Bank statements showing unauthorized charges, records of time spent on phone calls with creditors, and receipts for any monitoring services you purchased after learning of the breach are all potentially relevant. Be cautious about third-party services that offer to file your claim for you in exchange for a percentage of your payout. For a settlement like this, the filing process is designed to be completed by individuals without legal assistance. The claims portal is straightforward, and handing over a cut of an already modest payment to a claims-filing service is rarely worth it.
What Texas Residents Should Know
Texas residents deserve special attention here because the state-level numbers tell a stark story. The 50,544 Texans reported to the Texas Attorney General represent the single largest identified group of affected individuals, which makes sense given that Cornerstone operates multiple facilities in Texas.
Texas also has its own data breach notification laws under the Texas Identity Theft Enforcement and Protection Act, which imposes specific requirements on how quickly companies must notify residents and what remedies must be offered. If you are a Texas resident affected by this breach, you may have additional rights under state law beyond what the federal class action settlement provides. It is worth reviewing whether the Texas Attorney General’s office has taken any independent enforcement action against Cornerstone, as state-level penalties or settlements sometimes run parallel to class action cases and can offer separate compensation.
The Bigger Picture for Healthcare Data Breaches
Healthcare data breaches have been increasing in both frequency and severity, and the Cornerstone incident fits a troubling pattern. Hospitals and specialty care facilities hold some of the most sensitive personal data anywhere — not just financial information, but detailed medical histories, insurance records, and government-issued identification — yet many operate with security infrastructure that has not kept pace with the threat landscape. The fact that a network spanning 15 facilities across six states was compromised underscores how a single point of failure can cascade across a large healthcare system.
For patients, the takeaway is not just about this settlement. Every time you provide personal information to a healthcare provider, you are trusting their security practices with data that cannot be changed if stolen. Unlike a credit card number, you cannot get a new Social Security number or medical history. Filing your claim in the Cornerstone settlement is the immediate step, but the longer-term lesson is to routinely monitor your credit reports, consider placing fraud alerts or credit freezes proactively, and keep records of where your sensitive information has been shared.
Frequently Asked Questions
How do I know if I am eligible for the Cornerstone data breach settlement?
If you received a notification letter from Cornerstone Specialty Hospitals regarding the December 2023 data breach, you are likely an eligible class member. You can also check your eligibility through the official settlement website at cshealthcaresettlement.com or contact the settlement administrator directly.
What is the deadline to file a claim?
The exact claim deadline was not publicly available in the materials reviewed for this article. Visit the official settlement website at cshealthcaresettlement.com immediately to confirm the filing deadline, as these dates are strictly enforced.
What compensation can I receive from this settlement?
Eligible class members may receive monetary payment and credit monitoring services. The exact per-person amount will depend on the total number of claims filed against the reported $2.35 million settlement fund and the specific tier of benefits you qualify for based on your documented losses.
I lost my notification letter. Can I still file a claim?
Yes. Contact the settlement administrator through the official settlement website at cshealthcaresettlement.com to obtain your unique notice ID or verify your eligibility. Not having the original letter does not disqualify you from participating.
Should I take the cash payment or the credit monitoring?
It depends on your situation. If your Social Security number was exposed and you do not already have credit monitoring, the monitoring benefit may provide more long-term value. If you already have monitoring through another service, the cash payment might be more practical. Review the settlement terms to see if you can elect both.
Can I still file a claim if I have not noticed any fraud or identity theft?
Yes. You do not need to prove that you experienced fraud to be eligible. The settlement compensates you for the exposure of your personal information and the associated risk, not solely for documented losses. However, if you have experienced fraud, documenting those losses may entitle you to additional compensation.