CynergisTek, a privately held computer security firm, has been acquired by Auxilio, a document workflow management company, in a deal valued at $34 million.
Auxilio will make an initial payment of $26.8 million in cash and stock with a possible additional $7.5 million over the next five years if “certain financial criteria” are met, according to a statement from Auxilio, based in Mission Viejo, Calf.
It is Auxilio's third acquisition in the data security arena, according to the company's website. It follows the pickup of Delphiis, an information security consulting firm and software-as-a-service company, in 2014, and the purchase of Redspin, a HIPAA risk assessment and penetration testing firm, in 2015.
“We have long stated our desire to expand our reach in healthcare IT security, and this acquisition puts us in an immediate leadership position in the category,” said Auxilio CEO Joe Flynn in a news release. “While CynergisTek will continue to operate independently, there are numerous opportunities for mutually assisted growth over the near term, and we foresee the ability to offer services under a combined umbrella over time.”
Auxilio posted net income of $1.3 million, or 5 cents a share on $61.3 million in revenue, in 2015, and net income of $1.2 million, or 5 cents a share on $44 million in revenue, for the first 9 months of 2016, according to its SEC filings.
CynergisTek based in Austin, Texas, has a familiar profile in the healthcare information technology industry due to its CEO, Michael "Mac" McMillan, a former chairman of the Privacy and Security Steering Committee of the Healthcare Information and Management Systems Society, the health IT industry's largest trade group.
McMillian will become president of Auxilio, he and CynergisTek co-founder, president and COO Michael Mathews will serve on its board of directors, and McMillan will retain the title of CEO of his company, which will retain its name and become a wholly owned subsidiary of Auxilio.
“We're going to continue to grow the CynergisTek brand,” he said.
The healthcare industry has long underinvested in data security and has been victimized in recent years by massive data breaches.
Hackers, including those suspected of being from foreign countries, have both downloaded medical records and locked them up using encryption in so-called ransomware attacks.
According to a Modern Healthcare analysis of federally reported breaches, there were a record 106 hacking incidents in 2016 involving 500 or more individuals' records. They exposed more than 13.3 million persons' records.