Scenario

MedVault — Series B SaaS expanding to EU

MedVault is a 50-person Series B health-tech startup based in Austin, TX. They provide a cloud-based platform for small medical practices to manage patient intake forms, appointment scheduling, and billing. They currently serve 400 US practices and are preparing to expand to the EU market in Q3. The board has approved a $2M budget for compliance and international expansion.

• Currently SOC 2 Type I certified (Type II audit scheduled for Q4)

• All infrastructure runs on AWS us-east-1 (single region)

• No Data Protection Officer (DPO) appointed yet

• Patient health data (PHI) stored in PostgreSQL with AES-256 encryption at rest

• 3 engineers on the platform team, 12 total in engineering

• Using GitHub Actions for CI/CD with manual production deploys

• No formal incident response plan documented

• Employee laptops are company-issued but not MDM-enrolled

• Third-party billing integration with Stripe and a smaller clearinghouse API