Imprivata picks up SecureLink to expand healthcare cybersecurity tech

IT security company Imprivata picked up critical access management firm SecureLink to expand its cybersecurity solutions for healthcare.

The deal, first announced Feb. 23, values the combined health care technology company at approximately $3.5 billion, Axios' Sarah Pringle reports.

Software investment firm Thoma Bravo acquired Imprivata in 2016 in a deal valued at approximately $544 million. Thoma Bravo was looking to sell the healthcare security vendor two years ago but the sales process was postponed due to concerns about the COVID-19 virus creating market uncertainty, according to a PE Hub report.

Thoma's reinvestment was used to fund the SecureLink acquisition of SecureLink and signals the investment firm isn't looking to sell anytime soon.

Upon closing, Cove Hill Partners, SecureLink's existing majority investor, will retain a minority stake in the combined company.
Imprivata, a portfolio company of Thoma Bravo,

The acquisition uniquely addresses the rapidly growing need for a single source to enable and protect all digital identities, spanning enterprise to third parties, Imprivata executives said in an announcement.

"With the addition of SecureLink's capabilities, Imprivata is creating a new class of cybersecurity providers that unlocks digital freedom across platforms and applications by seamlessly securing identity interactions at every access point," Scott Crabill, a managing partner at Thoma Bravo, said in a statement.

Employees and third parties need access to data and applications in more places at more times, but security breaches have proven that there are vulnerabilities in the current system. Imprivata offers digital identity solutions to provide healthcare workers with quick and secure user access with a single sign-on.

With SecureLink capabilities, Imprivata aims to deliver the only single-vendor platform to fully manage and secure all enterprise and third-party digital identities and provide secure access to on-premises and cloud applications, virtual desktops, shared mobile and medical devices, and workstations.

According to the Cybersecurity and Infrastructure Security Agency (CISA), stolen credentials are one of the primary attack vectors for gaining illegal access into networks, including access from supply chains and third-party vendors. In fact, third-party vendors account for 51% of data breaches.

Cybersecurity breaches hit an all-time high in 2021, exposing a record amount of patients' protected health information, according to a report from cybersecurity company Critical Insights.

In 2021, 45 million individuals were affected by healthcare attacks, up from 34 million in 2020. That number has tripled in just three years, growing from 14 million in 2018, according to the report, which analyzes breach data reported to the U.S. Department of Health and Human Services by healthcare organizations.

Healthcare and other mission-critical organizations are facing significant pressure to secure their workflows against the constant threat of cyberattacks. The companies’ combined data science capabilities will provide new tools to automate identity systems, unlocking significant operational efficiencies and preventing security threats before they happen, the companies said in a press release.

“The importance of protecting digital identities has never been greater. The combined organization creates a holistic set of capabilities that enable the secure and efficient use of digital identities, while providing visibility and control of how they are used," said Patrick Tickle, CEO of SecureLink, in a statement.