BAKERHOSTETLER’S 2026 Data Security Incident Response Report, posted on 3 April 2026, covers the firm’s experiences representing 1,250 clients in 2025. According to BakerHostetler: The Risk Remains (Mostly) The Same, 2026. p. 10, healthcare accounted for 27% of clients, with Finance and Insurance next at 18%, and Education and Energy sectors among others making up the remainder.
The most frequent incident types were network intrusion (47%) and email compromise (32%), with 48% of all incidents involving data exfiltration or theft and 36% involving email account access; 27% involved ransomware deployment, 17% malware installation, and 13% wire or direct deposit fraud. In ransomware matters, the average initial demand rose 70% to $4.2 million and the average payment climbed 36% to $682,702, with discounts of 50–75% often achieved after 20–60 days of negotiation.
The report notes 34% of all clients ultimately paid a ransom, with lawsuits filed in 68 of 482 disclosed incidents in 2025, up from 51 of 518 in 2024, and it highlights that healthcare victims paid an average of $1.2M, while the largest healthcare demand was $98M.