Delivering and Masking Critical Patient Data for the Full Development Lifecycle

Webinar Transcript

Topic: Protecting Healthcare Data While Powering Development and AI Innovation

Speakers:

Kellyn Gorman, Director of Data and AI, Silk

Mark Cooper, Principal Consultant, Cloudgainz

Summary

In this session, Silk’s Kellyn Gorman sits down with Mark Cooper of Cloudgainz — a long-time partner and consultant for Sentara Health — to discuss how healthcare organizations can secure, mask, and deliver critical patient data throughout the development and analytics lifecycle.

They explore the alarming rise in healthcare data breaches, the evolution of data masking and encryption, and how Sentara Health implemented an innovative architecture using Silk’s instant extracts and Redgate’s data masking tools to safely support development, analytics, and AI workloads — without exposing sensitive data.

The conversation highlights how software-defined storage, automation, and data masking combine to balance performance, protection, and agility — ensuring healthcare innovation continues securely.

Key Takeaways

Healthcare data breaches rose 141% in 2023, impacting 134 million patients.

True data masking is irreversible, preserving referential integrity while anonymizing sensitive fields.

Sentara Health uses Silk instant extracts + Redgate Data Masker to clone and mask data safely.

Architecture enables daily masked data refreshes for dev/test at near-zero cost.

Masked datasets feed AI and analytics pipelines securely, protecting PHI/PII.

“Data Masking as a Service” reduces cost, risk, and refresh time across environments.

Healthcare innovation can thrive without sacrificing data protection.

Transcript
[00:00–02:00] Introductions

Kellyn Gorman (Silk):
Welcome, everyone! This is Delivering and Masking Critical Patient Data for the Full Development Lifecycle. I’m Kellyn Gorman, Director of Data and AI at Silk — and yes, the “weird Oracle girl that Microsoft adopted.”

I’ve spent over 25 years in the data world, from Oracle and SQL Server to Postgres and MongoDB. Today, I’m joined by Mark Cooper, Principal Consultant at Cloudgainz and a longtime partner with Sentara Health.

Mark Cooper (Cloudgainz):
Thanks, Kellyn. I’m thrilled to be here. I’ve spent over 25 years in cloud hosting and data center operations — and for the last six years, I’ve worked closely with Sentara on FinOps, cost optimization, and Silk data platform adoption.

[02:00–04:00] The Healthcare Security Crisis

Kellyn:
Let’s start with the elephant in the room: data breaches. In 2023 alone, 134 million patients were affected by healthcare breaches — that’s almost half the U.S. population. It’s not “if,” but “when.”

Mark:
Exactly. Many assume HIPAA guarantees protection, but compliance ≠ security. We’re seeing weekly breaches, often from unencrypted backups or unsecured test systems. Healthcare data isn’t just PII — it’s full personal identity: insurance, SSNs, medical history, and even biometrics.

[04:00–09:00] Real Breaches and Their Lessons

Kellyn:
Just in 2024, we’ve seen:

Tricare: 5M records lost from unencrypted backups

Community Health Systems: 4.5M via test system breach

Advocate Health: 4M through stolen, unprotected laptops

Newkirk Products: 3.8M through test server data leak

Trinity Health: ransomware on unmasked subset of data

OneTouchPoint: 2.6M affected from third-party vendor access

Each one highlights how test and non-production environments are prime attack vectors.

Mark:
Yes, and vendors are often the weakest link. Many have no business holding PHI, yet still receive it. That’s where data masking changes the game.

[09:00–12:00] What Is and Isn’t Data Masking

Kellyn:
Let’s clear something up — “Dynamic Data Masking” in SQL Server isn’t true masking. It just hides data on screen. True data masking is irreversible, used for non-production data, and maintains referential integrity across databases.

Mark:
Exactly. And while encryption protects data at rest or in transit, it’s still readable by anyone with the key. Masking fundamentally changes the data, rendering it useless to attackers. Even if breached, it’s just anonymized test data.

[12:00–15:00] The Case for Masking in Healthcare

Kellyn:
Healthcare is the most targeted industry for data theft. Developers and testers still need real data — but they don’t need real identities. Masking lets them build and test with realistic datasets safely.

Mark:
Plus, masked data accelerates innovation. You can open datasets to analytics, partners, or AI initiatives without risk. The referential integrity stays intact, but PHI disappears.

[15:00–22:00] Sentara Health: Architecture and Innovation

Kellyn:
Let’s dive into Sentara Health’s story — because this architecture blew my mind.

Mark:
Sentara originally adopted Silk for performance — running their Epic EHR workloads. But then they realized Silk’s instant extract feature could create zero-footprint clones in minutes.

That allowed them to:

Snap live databases instantly

Mount exact copies to SQL servers for dev/test

Mask sensitive data using Redgate Data Masker

Refresh non-prod daily — safely and automatically

It cut their analytics runtime from 18 hours to under 12, and dropped storage costs by nearly $1 million compared to native cloud storage.

Kellyn:
And with Redgate, you integrated classification templates too, right?

Mark:
Yes. Sentara classifies sensitive data automatically before masking — detecting PII or PHI wherever it appears. It’s streamlined and repeatable, turning data masking into a service rather than a project.

[22:00–29:00] Data Masking as a Service

Mark:
We call it Data Masking as a Service.

Infrastructure teams just manage Silk’s automation — no manual refreshes. Data owners define masking rules through Redgate; Silk handles cloning, masking, and rehydrating environments.

The result:

Daily masked data refreshes in under 1 hour

Zero disruption to production

Developers and data scientists work safely and fast

Kellyn:
That’s revolutionary. It gives healthcare developers what they need without exposing patient data.

[29:00–34:00] AI, Copilot, and Safe Data for Machine Learning

Kellyn:
You also mentioned Silk’s integration with AI initiatives at Sentara — using masked data for LLMs and Copilot testing.

Mark:
Right. AI can easily be “poisoned” by real PHI — so we isolate training data entirely. Masked, cloned datasets let Sentara test AI use cases without risk.

They can train on full-scale datasets (40–100 TB) instantly, because Silk mounts them directly without network strain or extra copies.

Kellyn:
So they can explore AI freely while keeping compliance airtight. That’s huge.

[34:00–41:00] Measurable Benefits

Mark:
The results are striking:

Data masking runs dropped from hours to under one hour using Silk’s parallel I/O.

Storage costs reduced by 90% through zero-footprint clones.

Compute runtime costs fell from ~$60K to <$1K/month using burst scaling.

Developers now refresh data daily instead of weekly.

Kellyn:
That’s “instant gratification” for developers — without risk.

[41:00–46:00] Broader Impact on Healthcare and AI

Kellyn:
This isn’t just a tech story — it’s cultural. Healthcare teams used to treat data like radioactive material. Now, with proper masking and instant extracts, they can collaborate and innovate again.

Mark:
Exactly. It’s turned “security” from a blocker into an enabler.
Developers, data scientists, and infrastructure teams now share repeatable design patterns — not manual processes.

[46:00–53:00] Future Trends

Kellyn:
Looking ahead, here’s what’s coming fast:

Stricter HIPAA and state-level privacy laws (Oregon, Texas, Montana)

Increased data subsetting and minimization

Homomorphic encryption — share without decrypting

AI-driven anomaly detection for unauthorized access

Differential privacy and multi-party computation for selective sharing

These trends make masked data and automation even more critical.

Mark:
And for healthcare especially — masking + automation = survival.

[53:00–59:00] Key Takeaways

Kellyn:

It’s not if a data breach happens — it’s when.