Paytient

Paytient operates a payment infrastructure layer spanning employer benefits, insurance claims, and provider settlement systems - moving real money through regulated healthcare channels at scale. Founded in 2018, the company processes healthcare transactions for over one million cardholders across thousands of employer, payer, and health system partnerships. The attack surface is straightforward: financial accounts, protected health information under HIPAA, and integration points with benefits administrators and clinical systems.

The technical stack runs on Python and SQL for transaction processing, with dbt handling data transformations and Looker providing analytics layers. Security requirements map to both payment card industry standards and healthcare regulations - dual compliance domains that don't always align cleanly. The company manages repayment agreements up to 12 months, meaning persistent storage of financial obligations tied to medical service codes and member identities.

Threat modeling centers on the usual fintech-meets-healthcare risks: account takeover leading to fraudulent healthcare charges, PII/PHI exfiltration from partnership integrations, and authorization bypass in repayment workflows. The business model - zero-interest payment plans funded through B2B partnerships rather than consumer fees - creates interesting incentive structures but doesn't fundamentally change the security posture. It's payment rails intersecting with medical data, which means the regulatory scrutiny runs deep and the incident response playbook needs to satisfy multiple frameworks simultaneously.