Covered entities and their business associates should perform an enterprise-wide risk analysis to identify cyber vulnerabilities and how various types of breaches could affect their business, OCR ...