Albemarle County, Virginia suffered a double-extortion ransomware attack in June 2024 resulting in confirmed exfiltration of PHI and PII, triggering HIPAA breach notification obligations; no specific ransomware group or CVE has been attributed. This item is most relevant to peer government and healthcare organizations as a reference incident for control gap assessment — primary gaps identified include insufficient MFA coverage on accounts with PHI access, inadequate DLP controls, and delayed breach detection. No direct patching action is available; use as a driver to validate MFA enforcement, DLP policy, and HIPAA-aligned incident response plan currency.