Thoma reinvests in Imprivata amid $3.5B union with SecureLink

Thoma Bravo’s Imprivata completed the acquisition of SecureLink, valuing the combined health care technology company at approximately $3.5 billion, a source familiar with the deal terms tells Sarah.

Why it matters: Imprivata, which is building out a digital identity technology framework for health care, has been on investors' M&A watch list since postponing its sale process two-plus years ago due to COVID.

• This indicates that Thoma, six years into its investment, is resetting the clock to invest in the future growth of the company with no intentions of exiting anytime soon.

Details: Thoma will be the majority owner of the newly merged company, with SecureLink existing owner Cove Hill Partners retaining a minority stake.

• The combined equity contribution into the new business (from the two PE firms plus the management teams of Imprivata and SecureLink) totals north of $2 billion, a source tells Sarah.
• Thoma is reinvesting through its latest flagship fund, exiting its original investment in full through the transaction, the source says.
• Goldman Sachs led financing to support the transaction. Raymond James advised SecureLink.

By the numbers: Thoma bought Imprivata in September 2016 in a deal valued at approximately $544 million, implying the company post-SecureLink has grown more than sixfold in value.

• Imprivata generates $180 million of EBITDA on approximately $330 million of revenue, with the top line trending toward $400 million-plus in its current fiscal year, CEO Gus Malezis told Sarah in March.

Zoom in: The Lexington, Mass.-based company, entering what Malezis previously dubbed "Imprivata 3.0," is scoring a large, new growth avenue via SecureLink.

• Imprivata today helps health care workers within a hospital efficiently access a constellation of applications using a single sign-on, either via a finger or badge tap.

• SecureLink builds on top of that, enabling appropriate access to nonemployee, third-party vendors at hospitals that are using devices.

State of play: The demand for cybersecurity solutions in health care is at an all-time high, and threats have only elevated through the pandemic as health IT departments have focused on addressing COVID-related issues.

• SecureLink addresses an important gap in that respect, as third-party contractors, whether inadvertently or intentionally, pose a big cybersecurity risk to hospitals if they don’t have proper access (accounting for 51% of data breaches).
• Cyber threats have escalated by at least 50% to 60% over the last 24 months, Malezis said previously.

The bottom line: Whether in health care or in other end markets (where 20% of its combined tools focus today), the freshly capitalized company is better positioned to ease secure workflows as cyber threats accelerate.