Effective enterprise risk management in IT: Dan Yunker

Published by The Governance Institute, Kodiak’s Dan Yunker takes a deep dive into one of healthcare organizations’ biggest risk areas—IT and cybersecurity—outlining specific risks and strategies for governing boards to effectively manage them.

April 11, 2025

Effective enterprise risk management in IT: Dan Yunker

INDIANAPOLIS—(April 11, 2025)—Dan Yunker, Kodiak’s Senior Vice President of Risk and Compliance, has authored an article, “Effective Risk Management: Double Clicking on IT and Cybersecurity,” for The Governance Institute’s publication BoardRoom Press. Published in the April 2025 issue, the article delves into why it is important for organizations to align their risk coverage with the specific risks that have the biggest potential impacts to their strategic and operational objectives—what Kodiak calls a “return on risk” approach.

The risks facing healthcare organizations expand substantially each year. Kodiak tracks these risks in its annual top risks report. In the most recent report, IT was listed among the top four risks, along with financial/operational, compliance, and clinical risks.

In the BoardRoom Press article, Yunker highlights specific IT risks facing healthcare organizations, including system access management, business continuity, biomedical device security, cybersecurity, data governance, AI and other emerging technologies.

“IT risks are attached to everything today’s healthcare enterprises do—making them one of the most urgent, if not the most urgent, risk areas for governing boards and senior leadership to confront,” Yunker writes. “When organizations seek to prioritize risks, however, IT is surprisingly low on many lists—even though IT system failures or inaccessibility can put the very mission of healthcare at risk: the ability to deliver safe and effective medical care to patients and communities.”

Yunker emphasizes cybersecurity as a significant risk area and growing threat for healthcare organizations, as cyber criminals become increasingly sophisticated in their ability to execute costly, devasting breaches. He notes that governing boards and senior leadership will need to pay even closer attention to cybersecurity in the coming months because of anticipated regulatory changes. Recently proposed federal legislation around cybersecurity requirements for healthcare providers and their associates includes substantial reporting requirements and severe penalties for breaches, including individual prosecutions for senior executives and board members.

“Healthcare boards and senior leaders will need to stay ahead of pending legislation and evolving regulatory changes in the cybersecurity space and make sure their organizations have proper IT/cybersecurity controls in place,” Yunker writes.

Finally, Yunker outlines a series of strategies in the article that healthcare governing boards can consider to effectively manage their IT risks in a way that is comprehensive and embraces technology and the return-on-risk mindset, including:

Modernizing their risk assessment processes away from manual processes and toward technology-driven programs that rely on advanced analytics and modern technologies, including AI.

Implementing strong cybersecurity measures that are continuously reviewed to “keep pace with a quickly changing field,” Yunker writes.

Prioritizing staff training and education on cybersecurity policies, including how to recognize and respond to cyber threats and attacks.

Adopting continuous risk monitoring through use of technology tools and automation so organizations can scan for emerging risks.

Investing in IT risk management and cybersecurity, including solutions and tools like automated software that can identify threats in real time.

To view the full article, visit The Governance Institute’s website here. (Note: Content is available behind a paywall for TGI members only.)

# # # #

About Kodiak Solutions

Kodiak Solutions is a leading technology and tech-enabled services company that simplifies complex business problems for healthcare provider organizations. For nearly two decades as a part of Crowe LLP, Kodiak created and developed our proprietary net revenue reporting solution, Revenue Cycle Analytics. Kodiak also provides a broad suite of software and services in support of CFOs looking for solutions in financial reporting, reimbursement, revenue cycle, risk and compliance, and unclaimed property. Kodiak’s 450 employees engage with 2,000 hospitals and 300,000 practice-based physicians, across all 50 states, and serve as the unclaimed property outsourcing provider of choice for more than 2,000 companies. To learn more, visit our company page.

For Media:

Vince Galloro

312-625-2137

vince.galloro@sunrisehlth.com

Insights

SEE ALL INSIGHTS

Article

5 ways to stop unclaimed property escheatment before it happens

When it comes to unclaimed property compliance, a prevention mindset is essential for reducing risks like penalties, interest, and audits.

Report

Untangling the patient financial responsibility web

With great patient responsibility has come a great need for healthcare revenue cycle teams to improve point-of-sale collections—and they have. But this latest report from Kodiak shows that despite improvements, patient yield is falling, bad debt is not improving, and payor behavior is a direct cause of net revenue leakage. What can providers do?

Article

Why unclaimed property lives everywhere (but is owned nowhere!)

Unclaimed property compliance is a hot potato in most organizations. But without clear internal ownership, the risks of getting burned go up. Here’s how to overcome the challenges.

See all insights