Business RadioX ®

IT Due Diligence in a Merger

by

IT Due Diligence Merger

IT Due Diligence in a Merger (Advisory Insights Podcast, Episode 15)

In this episode of Advisory Insights, Stuart Oberman with Oberman Law Firm discussed the importance of cybersecurity in today’s business world. He stressed the need for businesses to do their due diligence in evaluating potential acquisition targets, why he recommends a cybersecurity risk assessment, and cautioned IT and HR professionals to be aware of the risks involved in handling sensitive information.

Advisory Insights is presented by Oberman Law Firm and produced by the North Fulton studio of Business RadioX®. The series can be found on all the major podcast apps. You can find the complete show archive here.

TRANSCRIPT

Outro: [00:00:01] Broadcasting from the studios of Business RadioX, it’s time for Advisory Insights, brought to you by Oberman Law Firm, serving clients nationwide with tailored service and exceptional results. Now, here’s your host.

Stuart Oberman: [00:00:21] Hello, everyone. Stuart Oberman here for Advisory Insights, your host. Hey, I want to talk about a couple of things here in mergers and acquisitions. In a previous podcast, we covered material risks that involved governmental reimbursement, fraud and abuse, and licensure. But I want to sort of digress a little bit. So, I mentioned before in some of our podcasts that we had really a 2021 extraordinary year, mergers and acquisitions, that we did about 135 acquisitions and probably $330 million worth of revenue in those acquisitions.

Stuart Oberman: [00:00:59] So, one, as I digress and looked at some of those acquisitions that we are involved in, some of them are fairly big. One of the items that was, I could tell you, significantly overlooked is I.T. and what due diligence is required in a merger and acquisition for I.T. So, look, when you get – the first thing you can do is you ask for financials, then you ask for account receivables and you ask for the customer database, then you ask for the products and services. Then, you ask for facilities. What we don’t see a lot of requests for is I.T. Now, I.T. is sort of one of those things where, “Well, I’m not worried about I.T. Everyone knows I.T. I got an I.T. guy.” Your I.T. guy will send you right down the river if you don’t understand some of this stuff.

Stuart Oberman: [00:01:47] So, let me tell you. I want to take a look at a couple of things, a couple of bullet points. If you’re contemplating a merger and acquisition, big or small, does it matter? I.T. I want to know how their sensitive data is stored. I want to know that. I want a specific outline of how that occurs. I want to know all their software licenses. I want to know what I’m paying for. I want to know what I’m committing to. I want to know what I’m assigning myself to. I want to know what’s being purchased. I want to know what can be canceled.

Stuart Oberman: [00:02:16] So, another thing I want to look at is, is my equipment I’m going to purchase out of date? Is it end of its life cycle? Is it ready for the big waste bin in the sky? Is my Windows application up to date? Or is my license up to date?

Stuart Oberman: [00:02:36] Also, we talked previously in a podcast regarding health care. Health care. Health care. If you’ve got a – if you had – well, first you want to do is ask that particular seller, “Have you ever had a breach?” And, if they have and they are a health care industry, you want to go, “Are you under investigation? Have you received notice from HHS or any other state or federal agency?” So, otherwise, you really don’t know if there has been a breach or if there’s still a breach you’re ready to purchase and you don’t even know about it.

Stuart Oberman: [00:03:16] One thing you want to take a look at is, have your I.T. person as well versed in this area, see if there’s been a breach before with the software. I would always recommend a complete cybersecurity risk assessment. The last thing you need is a hack. And all of a sudden you’re asked to go to the nearest Bitcoin station and transfer $25,000 in Bitcoin. What is the risk, especially in health care? What is the due diligence? Is there an annual risk assessment which is required under HIPAA?

Stuart Oberman: [00:03:54] Another thing we see as grossly overlooked, I want to know about your firewalls. I want to know about your backups. Do you back up by taking a flash drive home every night? Are you backed up to your computer? What if someone steals your computer? Are you backed up to the server? Are you backed up to the cloud? How secure is a cloud? Does your Uncle Vinnie control the cloud? What are the securities? You got to know these things.

Stuart Oberman: [00:04:22] “Well, my buddy has a great server. He stores all my I.T.” Well, that’s great, but what’s – let me know the buddy’s protocols. What’s the IP address? There’s a floating. I want to know how your data is backed up. Again, is it backed up to a flash drive? Is it backed up to the computer? Or you have no backup, whatever it is. I want to know what cybersecurity protocols and procedures you implemented in the last 12, 24 months. “Well, I haven’t really done anything. Everything’s secure.” You’ve got a problem. You better know what’s been upgraded. You better know what the security protocols are. You better know what you’re purchasing and you better know if they’ve had a breach of cybersecurity, period.

Stuart Oberman: [00:05:13] So, let’s take a look at a couple of other things that we’ve been looking at. Again, I think there’s a laundry list here. But again, I could probably talk for two hours on this one subject, but we just have a very limited time. I want to take a look at whether or not they have cybersecurity insurance. It is becoming very difficult to obtain cybersecurity insurance. There are only a few players in the market. And what are the coverages? What is the non-coverage? What are they making you do and what are you certifying that you have done and maintained in relation for that coverage? So, you’re going to get a checklist probably from the cybersecurity insurance company. It’s going to outline certain things that you’ve done, that you haven’t done or that you need to do. And I would venture to say that if you put something false and misleading on that particular application and they find out you have no coverage, which is horrible, especially when some of these big hacks.

Stuart Oberman: [00:06:18] So, I want to know what your I.T. guy is doing or if you have hired or going to hire a third party to do a vulnerability screen. I want to know what your vulnerabilities are. I want to know how to fix it. I want to know what patches I need. I want to see when the last time you’ve patched. Are you getting constant upgrades? Are you outdated on Windows? You know, are you in Windows 6? I’m going to – for those of you that are a little bit older, I’m going to use the term DOS. We have clients that are still working on DOS. Yes, DOS. I can’t stress that enough. We have members of practices, businesses that they’re running two systems, DOS. And then, for the younger guys, of course, the Windows and Macs.

Stuart Oberman: [00:07:12] So, I want to make sure your information technology person understands what’s going on. What are their qualifications? Do they simply do your backups, or are they a legit, legit down and dirty cybersecurity company?

Stuart Oberman: [00:07:29] So, again, in evaluating every business that you’re going to acquire – and let me go so far as this. If you’re a business, period, you’ve got to look at cybersecurity policies. You got to look at protocols, procedures. You should do your due diligence as if you’re purchasing your own business. Are you doing it? Are you doing a security risk analysis? Are you doing the assessments? Take a look at all these things.

Stuart Oberman: [00:07:53] Cybersecurity is no longer an option. It’s absolutely mandated with everything that goes on your systems, payments, history, Social Security numbers. It’s amazing what will end up on the black market, if you will, on information.

Stuart Oberman: [00:08:11] Folks, I tell you, again, that’s a three-hour conversation. I just want to hit some highlights. I want to hit some bullet points whether or not you’re looking to buy a business, whether or not you’re owning, you have owned a business, or you’re an I.T. guy, or you’re actually an H.R. person. Are you taking a look at all these things that you need to do on a daily basis especially to be secure?

Stuart Oberman: [00:08:33] Folks, we’re going to wrap it up for today. Stuart Obermann here, your host on Advisory Insights. Thanks for joining us. Hope you took away one or two things which will make you an absolute success.

Stuart Oberman: [00:08:43] If you want to reach us, please feel free to give us a call, 770-886-2400. Or myself, stuart, S-T-U-A-R-T, @obermanlaw.com. Thanks for joining us and we’ll see you on the next podcast.

Outro: [00:08:58] Thank you for joining us on Advisory Insights. This show is brought to you by Oberman Law Firm, a business-centric law firm representing local, regional, and national clients in a wide range of practice areas, including healthcare mergers and acquisitions, corporate transactions, and regulatory compliance.

About Advisory Insights Podcast

Presented by Oberman Law Firm, Advisory Insights Podcast covers legal, business, HR, and other topics of vital concern to healthcare practices and other business owners. This show series can be found here as well as on all the major podcast apps.

Stuart Oberman, Oberman Law Firm

Oberman Law Firm
Stuart Oberman, Founder, Oberman Law Firm

Stuart Oberman is the founder and President of Oberman Law Firm. Mr. Oberman graduated from Urbana University and received his law degree from John Marshall Law School. Mr. Oberman has been practicing law for over 25 years, and before going into private practice, Mr. Oberman was in-house counsel for a Fortune 500 Company. Mr. Oberman is widely regarded as the go-to attorney in the area of Dental Law, which includes DSO formation, corporate business structures, mergers and acquisitions, regulatory compliance, advertising regulations, HIPAA, Compliance, and employment law regulations that affect dental practices.

In addition, Mr. Oberman’s expertise in the healthcare industry includes advising clients in the complex regulatory landscape as it relates to telehealth and telemedicine, including compliance of corporate structures, third-party reimbursement, contract negotiations, technology, health care fraud, and abuse law (Anti-Kickback Statute and the State Law), professional liability risk management, federal and state regulations.

As the long-term care industry evolves, Mr. Oberman has the knowledge and experience to guide clients in the long-term care sector with respect to corporate and regulatory matters, assisted living facilities, continuing care retirement communities (CCRCs). In addition, Mr. Oberman’s practice also focuses on health care facility acquisitions and other changes of ownership, as well as related licensure and Medicare/Medicaid certification matters, CCRC registrations, long-term care/skilled nursing facility management, operating agreements, assisted living licensure matters, and health care joint ventures.

In addition to his expertise in the health care industry, Mr. Oberman has a nationwide practice that focuses on all facets of contractual disputes, including corporate governance, fiduciary duty, trade secrets, unfair competition, covenants not to compete, trademark and copyright infringement, fraud, and deceptive trade practices, and other business-related matters. Mr. Oberman also represents clients throughout the United States in a wide range of practice areas, including mergers & acquisitions, partnership agreements, commercial real estate, entity formation, employment law, commercial leasing, intellectual property, and HIPAA/OSHA compliance.

Mr. Oberman is a national lecturer and has published articles in the U.S. and Canada.

LinkedIn

Oberman Law Firm

Oberman Law Firm has a long history of civic service, noted national, regional, and local clients, and stands among the Southeast’s eminent and fast-growing full-service law firms. Oberman Law Firm’s areas of practice include Business Planning, Commercial & Technology Transactions, Corporate, Employment & Labor, Estate Planning, Health Care, Intellectual Property, Litigation, Privacy & Data Security, and Real Estate.

By meeting their client’s goals and becoming a trusted partner and advocate for our clients, their attorneys are recognized as legal go-getters who provide value-added service. Their attorneys understand that in a rapidly changing legal market, clients have new expectations, constantly evolving choices, and operate in an environment of heightened reputational and commercial risk.

Oberman Law Firm’s strength is its ability to solve complex legal problems by collaborating across borders and practice areas.

Connect with Oberman Law Firm:

Company website | LinkedIn | Twitter

Our Mission

We help local business leaders get the word out about the important work they’re doing to serve their market, their community, and their profession.

We support and celebrate business by sharing positive business stories that traditional media ignores. Some media leans left. Some media leans right. We lean business.

Sponsor a Show

Build Relationships and Grow Your Business. Click here for more details.

Partner With Us

Discover More Here

Terms and Conditions
Privacy Policy

Connect with us

Want to keep up with the latest in pro-business news across the network? Follow us on social media for the latest stories!

Business RadioX® Headquarters
1000 Abernathy Rd. NE
Building 400, Suite L-10
Sandy Springs, GA 30328