How would you prioritize vulnerabilities based on severity, exploitability, and business impact at HCA Healthcare?