Healthcare provider organisations face increasing risks tied to generative AI, cybersecurity, and evolving compliance demands in 2025, according to Kodiak Solutions’ annual Top Risks report. The findings, derived from audits and discussions with leaders at major U.S. hospitals and health systems, outline key focus areas for internal audits in the coming year.

“Our annual Top Risks report illustrates the wide range of risks that are keeping leaders of hospitals and health systems awake at night. The ripple effects these risks can cause across a provider organisation underscore the need for vigilance to keep problems from becoming entrenched in processes and systems,” said Dan Yunker, senior vice president, risk and compliance, at Kodiak Solutions.

Generative AI and machine learning, while offering potential benefits such as enhanced efficiency and reduced clinical burdens, pose notable risks. The report suggests internal audits that focus on areas including data integrity, governance policies, and staff training to ensure AI adoption prioritises patient safety and fairness.

Cybersecurity also remains a pressing concern for healthcare providers, particularly due to vulnerabilities in vendor systems. High-profile breaches, such as the Change Healthcare incident, demonstrate the potential for severe financial disruptions. Strong business continuity plans, robust system access management, and biomedical device security are critical defences against cyberattacks.

Compliance challenges with federal regulations

Healthcare organisations also face increasing compliance risks with laws like the No Surprises Act, price transparency mandates, and the 340B drug discount program. Failure to comply could result in steep penalties, repayment demands, or expulsion from critical programs.

“Robust internal auditing serves as the last line of defence before small issues grow into large problems that can threaten the health of the enterprise,” Yunker added.
