$2.35M Cornerstone Specialty Hospitals Settlement, Who Is Eligible and How to File a Claim
A $2.35 million class action settlement resolves a lawsuit against Cornerstone Healthcare Group Management Services LLC, operating as Cornerstone Specialty Hospitals, over a December 2023 data breach that may have exposed sensitive patient information. The Cornerstone Specialty Hospitals class action settlement received preliminary approval from the court on January 8, 2026, and covers all individuals whose private information was compromised as a result of the December 2023 data breach and who were sent notice from the healthcare group. The claim deadline is May 8, 2026, and eligible individuals can file at CSHealthcareSettlement.com.
Quick Facts
| Detail | Information |
| Lawsuit Type | Data Breach Class Action |
| Defendant | Cornerstone Healthcare Group Management Services LLC d/b/a Cornerstone Specialty Hospitals |
| Case Name | Mireles v. Cornerstone Healthcare Group Management Services LLC, No. 3:24-cv-410-DJH |
| Court | U.S. District Court, Western District of Kentucky, Louisville Division |
| Current Status | Preliminarily Approved — Claim Period Open |
| Who May Be Affected | Individuals notified by Cornerstone of the December 2023 data breach |
| Settlement Amount | $2,350,000 |
| Claim Deadline | May 8, 2026 |
| Official Website | CSHealthcareSettlement.com |
| Administrator | Postlethwaite & Netterville / 1-844-687-7014 / [email protected] |
Current Status and What Happens Next
The court will determine whether to grant final approval to the Cornerstone Specialty Hospitals settlement following a hearing on May 14, 2026. Compensation will begin to be distributed to class members only after final approval has been granted and any appeals have been resolved.
Here is where the case stands right now:
- Preliminary approval: Granted January 8, 2026
- Claim filing deadline: May 8, 2026
- Opt-out / exclusion deadline: April 8, 2026
- Objection deadline: April 8, 2026
- Final approval hearing: May 14, 2026 at 1:30 PM EST
- Payment distribution: After final court approval and resolution of any appeals
If you exclude yourself from the settlement, you will receive no payment but will retain any rights you currently have with respect to the defendant. If you do nothing, you will not receive any benefits and will give up certain legal rights.
What the Lawsuit Alleges
Cornerstone became aware of suspicious network activity in its IT environment in mid-December 2023. Once detected, it launched an investigation, which ultimately confirmed that a data breach occurred on December 19, 2023.
The Cornerstone Healthcare Group class action lawsuit alleged that the acute-care hospital group, which operates in Arizona, Arkansas, Louisiana, Oklahoma, Texas, and West Virginia, failed to implement reasonable cybersecurity measures to protect the sensitive patient information stored on its systems, leading to a data breach on or around December 19, 2023.
During the course of the investigation, on May 30, 2024, Cornerstone determined that personal information was among the data subject to unauthorized access. The company completed a comprehensive data review and validation process and subsequently notified affected individuals.
On March 14, 2024, Cornerstone Healthcare Group Management Services LLC filed a notice of data breach with the U.S. Department of Health and Human Services. Cornerstone denies any wrongdoing but agreed to settle to avoid the costs and uncertainty of continued litigation.
Who Could Be Included
The Settlement Class includes all individuals identified on the defendant’s Settlement Class List whose private information may have been involved in the data incident.
In plain terms: if you received a written notification from Cornerstone Healthcare Group Management Services LLC stating that the December 2023 data incident may have compromised your personal information, you are likely a class member.
A separate SSN subclass covers individuals whose Social Security numbers the data incident potentially compromised. This group is eligible for additional benefits, including credit monitoring and a higher reimbursement cap.
Per court documents, private information that may have been compromised during the breach included names, dates of birth, addresses, driver’s license and government-issued ID numbers, financial information, medical information, insurance information, and, for some consumers, Social Security numbers.
Settlement Details
Compensation Options
Option 1 — Ordinary Out-of-Pocket Losses (Up to $2,500)
Class members who submit their claim form with documented proof of out-of-pocket losses stemming from the breach are eligible to receive up to $2,500 in reimbursement for ordinary losses, such as expenses related to credit monitoring, unreimbursed bank fees, and other miscellaneous charges such as travel and postage.
Option 2 — Extraordinary Losses for SSN Subclass (Up to $10,000)
Class members with documented losses associated with a Social Security number compromised during the breach may file a claim form to receive up to $10,000 in reimbursement for extraordinary losses, which covers losses related to identity theft, fraud, falsified tax returns, or other misuse of private information.
The settlement agreement outlines that claims for documented ordinary and extraordinary losses must include third-party documentation that proves actual monetary losses traceable to the breach that have not already been reimbursed by another source.
Option 3 — Pro Rata Cash Payment (No Documentation Required)
In lieu of either documented-loss payment, Cornerstone class members may instead file a claim to receive a one-time, pro-rated cash payment from the net settlement fund after the payment of attorneys’ fees, settlement administration costs, lead plaintiff service awards, and the cost of all other settlement benefits.
Payments made to SSN settlement subclass members will be three times the amount paid to class members whose Social Security numbers were not compromised in the breach.
Option 4 — Credit Monitoring and Identity Theft Protection
SSN subclass members are eligible for credit monitoring services as an additional benefit. Details on the specific credit monitoring product and duration are available at CSHealthcareSettlement.com.
How to File a Claim
Online (preferred): Visit CSHealthcareSettlement.com and click “Submit a Claim.” Log in using your Claim Number and PIN from your settlement notice to complete the process.
Mail claims to: Cornerstone Data Incident Settlement Administrator PO Box 2271 Baton Rouge, LA 70821
Administrator contact:
- Phone: 1-844-687-7014
- Email: [email protected]
- Website: CSHealthcareSettlement.com
Key Deadlines
| Action | Deadline |
| Submit a claim form | May 8, 2026 |
| Opt out / exclude yourself | April 8, 2026 |
| Object to the settlement | April 8, 2026 |
| Final approval hearing | May 14, 2026 |
Prior Cases and Industry Context
Healthcare data breach settlements have become increasingly common in recent years. Other recent healthcare-related data breach settlements include an $11M Norton Healthcare settlement offering cash and medical data monitoring to individuals affected by a May 2023 breach, and an $8.5M Signature Performance settlement for individuals affected by a January 2024 breach.
Hospitals and healthcare providers hold some of the most sensitive categories of personal data — including Social Security numbers, medical histories, and insurance information. Under the Health Insurance Portability and Accountability Act (HIPAA), healthcare entities must implement reasonable safeguards to protect patient information. Failures to meet these standards have formed the foundation of a growing number of class action data breach lawsuits nationwide.
Frequently Asked Questions
Is this a class action lawsuit?
Yes. A class action lawsuit was filed against Cornerstone Healthcare Group Management Services LLC d/b/a Cornerstone Specialty Hospitals in the U.S. District Court for the Western District of Kentucky, Louisville Division, Case No. 3:24-cv-410-DJH. The case alleges the company failed to adequately protect patient data from a December 2023 cyberattack.
Has the settlement been approved?
The court granted preliminary approval on January 8, 2026. A final approval hearing is scheduled for May 14, 2026 at 1:30 PM EST. Payments will not be distributed until the court grants final approval and any appeals are resolved.
Who may be eligible to file a claim?
Individuals who received a notice from Cornerstone Healthcare Group Management Services LLC d/b/a Cornerstone Specialty Hospitals of a data incident that occurred in December 2023 may be eligible for payment and/or credit monitoring services from the class action settlement.
What is the maximum compensation available?
Individuals who received a notification from Cornerstone Healthcare Group about the 2023 data breach may be eligible to claim up to $12,500 or free credit monitoring. The $12,500 cap applies to SSN subclass members claiming both ordinary and extraordinary losses combined.
What is the official settlement website?
CSHealthcareSettlement.com is the only authorized website for this litigation. Other websites may contain incorrect information about this litigation and should not be relied upon.
What is the deadline to file a claim?
The deadline to submit a claim form is May 8, 2026. Missing this deadline means forfeiting your right to receive compensation from this settlement.
What personal information was exposed?
The compromised data varied by individual but could include sensitive details such as names, Social Security numbers, dates of birth, government ID numbers, financial information, email and login credentials, passport numbers, medical or health-related data, and more.
Do I need a lawyer to file a claim?
No. You can file a claim directly at CSHealthcareSettlement.com at no cost. Filing is free and does not require an attorney.
Additional Context
Cornerstone Healthcare Group Management Services LLC provides specialized medical care through a network of hospitals focused on patients with complex, long-term acute needs. The organization serves patients who require extended hospital stays due to conditions that demand intensive care, with facilities across multiple states.
Cornerstone reported the data breach to several state attorneys general beginning in July 2024 and notified at least two others in November. If you believe you may have been affected but did not receive a notice, contact the settlement administrator at 1-844-687-7014 or [email protected] to verify your eligibility before the May 8, 2026 deadline.
Last Updated: March 3, 2026
Disclaimer: This article is for informational purposes only and does not constitute legal advice. Legal claims and outcomes depend on specific facts and applicable law. For advice regarding a particular situation, consult a qualified attorney.
About the Author
Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah