Albemarle County, VA, Confirms PHI Stolen in June Ransomware Attack
Officials in Albemarle County, Virginia, have confirmed that sensitive data, including protected health information (PHI), was compromised in a June 2025 ransomware attack. The attack commenced on June 10, 2025, and was detected the following day when staff were unable to access certain files on the network. State and federal law enforcement were notified, and third-party cybersecurity experts were engaged to assist with the investigation and determine the scope of the data breach. On July 15, 2025, the investigation confirmed that the PHI of members of its self-insured health plan was compromised in the attack.
The compromised PHI varied from individual to individual and may have included names, email addresses, home addresses, phone numbers, dates of birth, Social Security numbers, employee/user ID numbers, healthcare ID numbers, account/patient ID numbers, health information, dates of services, billing and claims information, medical provider names, invoice numbers for the medical care received, and health insurance information.
In addition, the data of current and former government and public school employees was compromised, as well as information relating to their dependents. The affected employee information included names, addresses, Social Security numbers, driver’s license numbers, passport numbers, military ID numbers, and state ID card numbers. Individuals who did business with the county or who applied for or received services from the county were also affected.
The investigation and file review have recently concluded, and notification letters are being mailed to the affected individuals. Out of an abundance of caution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services for 12 months. In addition to engaging cybersecurity experts to investigate the data breach, third-party HIPAA compliance specialists were engaged to evaluate the county’s environment to ensure full compliance with the HIPAA Rules. Training has been expanded for all individuals who handle information subject to HIPAA, and a review has been conducted of its policies related to the handling and storage of PHI. The county is currently evaluating additional actions that can be taken to strengthen network security. The data breach is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals had PHI compromised in the ransomware attack.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The attack appears to have been conducted by the INC Ransom ransomware group, which has added Albemarle County Public Schools to its dark web data leak site. INC Ransom claims to have exfiltrated 229 GB of data in the attack. INC Ransom has leaked the stolen data, so the affected individuals are strongly advised to sign up for the complimentary credit monitoring and identity theft protection services promptly, and should also review their accounts, explanation of benefits statements, and credit reports for signs of misuse of their personal data.
