Thoma reinvests in Imprivata amid $3.5B union with SecureLink


Illustration: Megan Robinson/Axios
Thoma Bravo’s Imprivata completed the acquisition of SecureLink, valuing the combined health care technology company at approximately $3.5 billion, a source familiar with the deal terms tells Sarah.
Why it matters: Imprivata, which is building out a digital identity technology framework for health care, has been on investors' M&A watch list since postponing its sale process two-plus years ago due to COVID.
- This indicates that Thoma, six years into its investment, is resetting the clock to invest in the future growth of the company with no intentions of exiting anytime soon.
Details: Thoma will be the majority owner of the newly merged company, with SecureLink existing owner Cove Hill Partners retaining a minority stake.
- The combined equity contribution into the new business (from the two PE firms plus the management teams of Imprivata and SecureLink) totals north of $2 billion, a source tells Sarah.
- Thoma is reinvesting through its latest flagship fund, exiting its original investment in full through the transaction, the source says.
- Goldman Sachs led financing to support the transaction. Raymond James advised SecureLink.
By the numbers: Thoma bought Imprivata in September 2016 in a deal valued at approximately $544 million, implying the company post-SecureLink has grown more than sixfold in value.
- Imprivata generates $180 million of EBITDA on approximately $330 million of revenue, with the top line trending toward $400 million-plus in its current fiscal year, CEO Gus Malezis told Sarah in March.
Zoom in: The Lexington, Mass.-based company, entering what Malezis previously dubbed "Imprivata 3.0," is scoring a large, new growth avenue via SecureLink.
- Imprivata today helps health care workers within a hospital efficiently access a constellation of applications using a single sign-on, either via a finger or badge tap.
- SecureLink builds on top of that, enabling appropriate access to nonemployee, third-party vendors at hospitals that are using devices.
State of play: The demand for cybersecurity solutions in health care is at an all-time high, and threats have only elevated through the pandemic as health IT departments have focused on addressing COVID-related issues.
- SecureLink addresses an important gap in that respect, as third-party contractors, whether inadvertently or intentionally, pose a big cybersecurity risk to hospitals if they don’t have proper access (accounting for 51% of data breaches).
- Cyber threats have escalated by at least 50% to 60% over the last 24 months, Malezis said previously.
The bottom line: Whether in health care or in other end markets (where 20% of its combined tools focus today), the freshly capitalized company is better positioned to ease secure workflows as cyber threats accelerate.