Publicly traded healthcare document management firm Auxilio Inc. has made its third information security consultancy acquisition with the purchase of CynergisTek. Now Auxilio will combine the consultancies and expand its security services, says CynergisTek CEO Mac McMillan, who co-founded the consulting firm in 2004.
"My partner [Michael Mathews] and I founded this company with the idea of growing it to a certain point and eventually having it acquired," McMillan says in an interview with Information Security Media Group. "We sort of forgot that along the way and kept growing. But we got to a point finally where we recognized that ... we needed to take that next step."
CynergisTek will operate as an independent, wholly owned Auxilio subsidiary. McMillan will continue to serve as its CEO and will also take on the role of Auxilio president.
Under the Jan. 17 acquisition, valued at up to $34.3 million, Auxilio will pay CynergisTek initial consideration of approximately $26.8 million in cash, stock and seller debt. Additional "earn outs" may be paid of up to $7.5 million over the next five years based on certain financial criteria being met, Auxilio says.
Earlier, Auxilio acquired Redspin, a consultancy known for its HIPAA risk assessment services and penetration testing, and Delphiis, which offers security process and program development, incident response/forensics, risk assessments and a risk manager software-as-a-service solution.
Combining the three consultancies will "enhance our technical testing capabilities and the services we can offer on the technical security side ... and maybe reach other parts of the market that we weren't able to reach in the past," McMillan says.
In the interview, McMillan also discusses:
- Top cybersecurity challenges facing the healthcare sector in 2017 and beyond;
- Security technologies most commonly underutilized by healthcare organizations;
- His cybersecurity advice to the new Trump administration.
McMillan, co-founded Austin, Texas-based CynergisTek Inc., a firm specializing in information security and regulatory compliance in healthcare, financial services and other industries, in 2004. Prior to that, McMillan chalked up more than 30 years of security and risk management experience, including 20 years at the Department of Defense, most recently at the Defense Threat Reduction Agency.