DeWITT — Cyber Defense Institute, Inc. (CDI) has received plenty of interest since it set up a HIPAA security division about nine months ago. The division carries out compliance audits, risk assessments, vulnerability assessments, and penetration testing to help medical organizations conform to security rules that are part of HIPAA. That’s the acronym for the […]
DeWITT — Cyber Defense Institute, Inc. (CDI) has received plenty of interest since it set up a HIPAA security division about nine months ago.
The division carries out compliance audits, risk assessments, vulnerability assessments, and penetration testing to help medical organizations conform to security rules that are part of HIPAA. That’s the acronym for the 1996 Health Insurance Portability and Accountability Act, a federal law that established standards for securing electronic health information, among other things.
“We’ve been doing these kinds of assessments for several years,” says James Shea, co-founder and CEO of CDI. “We decided to put more resources into it and focus more on it.”
There’s a reason CDI, which also offers computer-security training, consulting, and professional services for governments, the military, and corporations, decided to invest more in its HIPAA compliance services this year. The field has been garnering more attention from medical providers because of another piece of federal legislation, the 2009 Health Information Technology for Economic and Clinical Health Act, better known as the HITECH Act.
“The HITECH Act kind of put some more teeth into HIPAA in terms of penalties and fines,” Shea says. “It tightened the regulations a bit.”
CDI’s HIPAA Security Division targets medical practices of different sizes, although those with about 25 employees seem to frequent it, he adds. The division typically performs risk assessments and vulnerability assessments simultaneously.
“One is more of a management questionnaire, and the other, the vulnerability assessment, is a very technical process,” Shea says. “We go in and scan their whole network.”
To establish its HIPAA Security Division, CDI hired one full-time employee dedicated to assessments and penetration testing. The business has been growing since then, according to Shea, although he declines to share specific revenue totals for the division or CDI. The company targets 10-percent revenue growth every year, he says. Shea is hoping to add more employees in the future, but stopped short of sharing specific goals.
The new HIPAA Security Division isn’t the only change at CDI this year. This spring, the company relocated from Syracuse University’s CASE Center to a new headquarters at 6647 Old Thompson Road in DeWitt.
Moving doubled CDI’s space, Shea says. The firm had 2,000 square feet at the CASE Center and now has 4,000 square feet. Midcourt Builders Corp. owns the building where CDI now leases space, according to records from Onondaga County’s Office of Real Property Tax Services.
“We wanted room to expand, and there was no more room at the CASE Center,” Shea says. “It was a good location for us for a couple of years.”
CDI employs three people full time, including Shea. It has five employees total, including contractors.
Shea co-founded the company in November 2009, along with Carlos Villalba. Both men had previously been with Syracuse University’s Center for Business Information Technologies (CBIT) and founded CDI shortly after CBIT closed in 2009.
But Villalba is no longer with CDI, according to Shea. He departed about a year ago to move to Phoenix, Ariz.
So about 10 months ago, Shea added a new partner, Richard Garza. Garza had been with CDI as an associate before becoming a partner in the business, according to Shea.
Another change CDI underwent in the last year was the closure of its office at Griffiss Institute in Rome. That office, which CDI launched at the end of 2010 by staffing it with Syracuse–based employees, closed in December 2011 due in part to a new program at Mohawk Valley Community College, Shea says.
“We were primarily doing training over there,” he says. “Mohawk Valley Community College got a grant to do cyber-security training for free. That kind of knocked us out of there. It’s tough to compete against free.”
CDI’s business strategy has not changed, however.
“We’re still teaching security classes,” Shea says. “We’re still doing audits and penetration testing for corporations of all kinds.”
Contact Seltzer at rseltzer@cnybj.com