The Customer

Texas Oncology, part of the U.S. Oncology Network, is an industry-leading oncology practice helping to fight cancer. They are an independent and physician-led practice that delivers leading-edge technology and treatment options for innovative research into cancer. Texas Oncology’s ‘Precision Medicine’ line focuses on genomic and molecular characterization of patient disease to develop effective new therapies to treat some of the most challenging cancers.

Precision Medicine is a cutting edge approach to treating cancer patients that enables practitioners to select treatments based on their genetic understanding of their patient’s individual disease. Texas Oncology leads the industry with this kind of targeted therapy which leverages knowledge of the genetic changes in an individual’s tumor to decide which treatment will work best with the patient.

As an industry leader engaged in cutting edge research, securing information on their IP (intellectual property) as well as their patients confidential medical data is of the utmost importance.

McKesson Corporation, a Fortune 8 company, is a global leader in healthcare management and healthcare technology solution. In addition to being a global leader in oncology technology solutions and services, McKesson also provides specialty pharmaceutical solutions for biotech and pharmaceutical manufacturers. Additionally, McKesson delivers a comprehensive offering of managed technology related solutions to the non-hospital market and healthcare businesses.

Texas Oncology has an established managed hosting and security service provider agreement with McKesson Corporation. Under this agreement, McKesson is responsible for establishing and maintaining a secure hosting environment to ensure the confidentiality, privacy and availability of Texas Oncology’s critical data and business operations.

Validation of Existing Security Controls

Texas Oncology and McKesson Specialty Health have a long-standing partnership to provide cutting edge cancer research.

McKesson provides managed IT services to Texas Oncology, and is responsible for establishing and maintaining a secure hosting environment to ensure the confidentiality, privacy and availability of Texas Oncology’s critical data and business operations. As a result, all Texas Oncology data, including Precision Medicine, resides within a McKesson managed and controlled infrastructure.

McKesson’s managed IT and security compliance attestations provide reasonable assurances of their ongoing ability to properly assess and mitigate IT-related risks within their managed environments, and of their ability to effectively secure Texas Oncology’s confidential intellectual property and patient medical data.

Night Lion Security was asked to provide an independent third-party validation and audit of McKesson’s security controls, respective to the Texas Oncology and Precision Medicine environments, and to provide security recommendations for ongoing security improvements.

The Solution

Working with Mr. Troia, the cybersecurity team at JetBlue verified the proof, identified the intruder on their network, and was able to contain and exclude the intruder. They then worked with law enforcement to track down the culprits and begin a criminal case against him.