Albemarle County, Virginia suffered a double-extortion ransomware attack in June 2024 resulting in confirmed theft of PII and PHI from county government IT systems, following a pattern consistent with phishing-initiated access, valid account abuse, lateral movement, data exfiltration, and encryption for impact. No specific ransomware family or threat actor has been attributed; HIPAA and Virginia state breach notification obligations were confirmed. Public sector and healthcare peers should review phishing controls, MFA enforcement on externally accessible accounts, ransomware resilience posture including offline backup integrity, and double-extortion response procedures in current IR playbooks.