Albemarle County, Virginia sustained a ransomware attack in June 2024 resulting in confirmed exfiltration of PHI and PII belonging to county residents, with breach notifications issued following investigation completion. No specific ransomware family, threat actor, CVE, or technical IOCs have been publicly disclosed. PHI involvement triggers HIPAA Breach Notification Rule obligations and Virginia CDPA exposure; peer municipal and government-sector organizations should use this incident as a prompt to validate offline backup integrity, ransomware detection rule coverage, and breach notification runbook readiness.