Cornerstone Care Center Data Breach Investigation
If you received a notice from Sanger Skilled Care, LLC dba Cornerstone Care Center, you may be wondering what happened and whether your information was involved. According to the publicly available notice, the company reported unauthorized activity involving one user account and later said a limited amount of protected health information may have been accessed by an unauthorized third party. The notice states there was no indication of misuse at the time it was sent, but the publicly available sample does not identify the exact data elements or the number of affected individuals. Below, we explain what the notice says, practical steps to take, and what legal rights people often ask about after a reported healthcare data incident.
Sanger Skilled Care, LLC dba Cornerstone Care Center is a California healthcare entity. Based on the public notice, it maintains protected health information in the ordinary course of business. In May 2026, the organization disclosed a reported security incident involving one user account.
Key Facts at a Glance
- Company: Sanger Skilled Care, LLC dba Cornerstone Care Center
- Industry: Healthcare
- Location: California
- Incident type: Reported hacking/IT incident involving unauthorized activity tied to one user account
- When the issue was identified: According to the notice, Cornerstone became aware of the activity on or around April 7, 2026
- Investigation finding: The notice says that by April 16, 2026, Cornerstone determined a limited amount of protected health information may have been accessed by an unauthorized third party
- Notice date: May 7, 2026
- California AG listing date: May 7, 2026
- Information involved: Publicly available materials identify certain protected health information, but the visible sample notice does not specify the exact data elements
- Affected individuals: Not specified in the materials reviewed
- Assistance offered: 12 months of complimentary credit monitoring through Cyberscout, a TransUnion company, according to the notice
What Happened?
According to the sample notice filed with the California Attorney General, Cornerstone reported that it became aware of certain unauthorized activity involving one user account on or around April 7, 2026. The notice says the organization took steps to contain the incident right away and engaged a third-party forensic firm to investigate.
The same notice states that, after investigation, Cornerstone determined on April 16, 2026 that a limited amount of protected health information kept in the normal course of business may have been accessed by an unauthorized third party. Cornerstone also said that, at the time of the notice, there was no indication that anyone’s information had been misused. Notices were sent on May 7, 2026, and the matter was publicly listed on the California Attorney General portal the same day.
What Information Was Exposed?
The public notice says certain protected health information, or PHI, may have been involved. However, the publicly available sample notice does not include a readable list of the exact data elements that may have been affected for each person.
That means the public record reviewed here does not confirm whether any particular individual’s name, date of birth, medical details, insurance information, Social Security number, or other identifiers were part of the incident. If you received a letter, review it carefully because your own notice may provide more detail than the public sample. Even when exact elements are not disclosed publicly, health-related information can still raise privacy concerns and may justify close monitoring.
What Should You Do Next?
- Read your notice carefully and keep a copy. Save the letter, note any deadlines, and keep the envelope or email if available. Your personal notice may contain details that do not appear in the public filing.
- Use the free credit monitoring if it was offered to you. According to the notice, Cornerstone arranged 12 months of complimentary credit monitoring through Cyberscout. The notice says enrollment must be completed within the stated deadline, so do not wait.
- Monitor your accounts, credit, and medical statements. Review bank and credit card activity, explanation-of-benefits statements, and credit reports for anything unfamiliar. You can obtain free credit reports at AnnualCreditReport.com.
- Consider a fraud alert or credit freeze if appropriate. A fraud alert tells lenders to take extra steps to verify identity. A credit freeze can restrict new credit from being opened in your name. If you believe identity theft has occurred, you can report it at IdentityTheft.gov.
- Document suspicious activity right away. Keep records of unexpected bills, denied claims, collection notices, or account changes. If something looks wrong, contact the relevant financial institution, insurer, or healthcare provider promptly.
- Ask questions about your legal options if you are concerned. If you received a Cornerstone notice and want to understand whether you may have a claim, you can fill out the form on this page to contact Strauss Borrelli PLLC for a free review.
Your Legal Rights
People affected by a reported healthcare data incident often ask whether they have legal rights even if they have not yet seen fraud. The answer depends on the facts, including what information may have been involved, what the organization knew, how it responded, and which laws apply.
In some situations, individuals may have rights related to timely notice, identity-theft protection, and potential legal claims if inadequate safeguards or other failures are shown. That does not mean every notice leads to a lawsuit or recovery, but it can make sense to have a lawyer review the circumstances. If you later notice suspicious financial activity, identity-theft issues, or unexplained medical billing, keep documentation because it may matter when evaluating next steps.
Why Hire Strauss Borrelli PLLC?
Strauss Borrelli PLLC represents consumers in data breach and privacy matters and understands how to evaluate notice letters, investigation timelines, and the real-world impact these incidents can have on affected people. Our team can review the publicly reported facts, compare them with the notice you received, and explain your options in plain English. If you want to find out whether you may qualify for a claim related to the reported Cornerstone Care Center incident, we invite you to reach out for a free, no-obligation case review.
If you received a breach notification letter from Cornerstone Care Center:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
