Case Studies

McKesson- Empowering Healthcare

With sales of $112 billion in 2011, McKesson Corporation (NYSE: MCK) is the largest pharmaceutical company in the world — providing medicines, pharmaceutical supplies, information, and care management products and services across the healthcare industry.

View Full Case Study

Overview

With sales of $112 billion in 2011, McKesson Corporation (NYSE: MCK) is the largest pharmaceutical company in the world — providing medicines, pharmaceutical supplies, information, and care management products and services across the healthcare industry. McKesson has more than 50 global offices and employs more than 32,500 people.

  • Key Business Needs: McKesson needed a robust, scalable, and cost-effective vulnerability management system to ensure the company would continue to meet core regulatory compliance initiatives.
  • Tenable Products Selected: McKesson selected Tenable SecurityCenter™ integrated with the Nessus® vulnerability scanner to gain a rapid, centralized view of vulnerability status across its immense and complex global network.
  • Top Benefits: The company’s enhanced security process streamlined compliance reporting and ensured auditors have visibility into the vulnerability status of newly-acquired and existing systems. As McKesson continues to grow by acquisition, Tenable’s technology scales quickly and easily and helps the company pinpoint and prioritize vulnerabilities and threats.

Business Needs

McKesson needed a robust, scalable, and cost-effective vulnerability management system that could quickly and easily expand with the healthcare giant as it acquired new businesses. The new security system needed to ensure the company would continue to meet its core regulatory compliance initiatives, such as HIPAA, PCI, SOX, HITRUST, and FISMA.

“We’re a growth-by-acquisition kind of company, acquiring roughly five to ten new businesses every year,” said Eric Dixon, Information Security Manager, McKesson. “A core part of my responsibility in the security division of McKesson is to understand how many new IT systems we’re inheriting − do they expose us to any new risks or vulnerabilities − and what kind of impact the acquisition will have on our compliance status.”