Officials in Albemarle County, Virginia, have confirmed that sensitive data, including protected health information (PHI), was compromised in a June 2025 ransomware attack. The attack commenced on June 10, 2025, and was detected the following day when staff were unable to access certain files on the network. State and federal law enforcement were notified, and third-party cybersecurity experts were engaged to assist with the investigation and determine the scope of the data breach. On July 15, 2025, the investigation confirmed that the PHI of members of its self-insured health plan was compromised in the attack.
The compromised PHI varied from individual to individual and may have included names, email addresses, home addresses, phone numbers, dates of birth, Social Security numbers, employee/user ID numbers, healthcare ID numbers, account/patient ID numbers, health information, dates of services, billing and claims information, medical provider names, invoice numbers for the medical care received, and health insurance information.
In addition, the data of current and former government and public school employees was compromised, as well as information relating to their dependents. The affected employee information included names, addresses, Social Security numbers, driver’s license numbers, passport numbers, military ID numbers, and state ID card numbers. Individuals who did business with the county or who applied for or received services from the county were also affected…