Cybersecurity consultancy CynergisTek acquires Backbone Consultants

04 November 2019 2 min. read

Austin-headquartered cybersecurity consultancy CynergisTek has acquired Backbone Consultants, a Minneapolis-based IT risk advisory firm. Both firms specialize in serving the healthcare sector.

Founded in 2008, Backbone Consultants delivers cybersecurity, IT audit & compliance, data privacy, and technical training services to healthcare and non-healthcare sector clients. The firm’s team of thee former Big Four consulting leaders and 14 cyber professionals has worked with two Fortune 1000 electronic health record vendors and one of the largest medical device manufacturers in the world.

The Minneapolis firm recorded revenues of $3.6 million in the last 12 months.

Backbone has now been purchased by CynergisTek, an Austin-based cybersecurity firm focused on the healthcare sector. The firm delivers consulting services in cybersecurity, privacy, compliance, as well as managed security services. The company has approximately 150 employees.

CynergisTek acquires Backbone Consultants

The transaction aligns with CynergisTek’s strategic plan to grow its managed services offering through targeted acquisitions. The initial consideration of approximately $7 million consists of $5.5 million cash and $1.5 million of CynergisTek common stock. An additional earn-out consideration of up to $4 million over the next three years could be paid out if Backbone meets specific financial criteria.

“Backbone Consultants’ suite of services will immediately complement our entire portfolio as well as provide additional IT risk audit services and GDPR readiness,” said Caleb Barlow, CEO and president of CynergisTek. “We will look to leverage CynergisTek’s existing client base to cross-sell our services, leverage our back office to bring more efficiency and support to the Backbone team, and look to convert Backbone’s annual audits into a managed service.”

The transaction will see CynergisTek absorb Backbone’s electronic prescriptions for controlled substances (EPCS) audit service, which validates systems and processes used for electronic prescriptions to meet DEA requirements. These mandated, recurring third-party audits have special importance in the context of the ongoing opioid crisis.

This summer Johnson & Johnson was ordered to pay $572 million to the State of Oklahoma for its role in the opioid crisis. The case was the first to go to trial out of thousands of lawsuits against opioid makers and distributors.

Opioids were involved in 400,000 overdose deaths in the US from 1999 to 2017, according to stats from the US Centers for Disease Control and Prevention.