Delivering and Masking Critical Patient Data for the Full Development Lifecycle
Topic: Protecting Healthcare Data While Powering Development and AI Innovation
Speakers:
Kellyn Gorman, Director of Data and AI, Silk
Mark Cooper, Principal Consultant, Cloudgainz
Summary
In this session, Silk’s Kellyn Gorman sits down with Mark Cooper of Cloudgainz — a long-time partner and consultant for Sentara Health — to discuss how healthcare organizations can secure, mask, and deliver critical patient data throughout the development and analytics lifecycle.
They explore the alarming rise in healthcare data breaches, the evolution of data masking and encryption, and how Sentara Health implemented an innovative architecture using Silk’s instant extracts and Redgate’s data masking tools to safely support development, analytics, and AI workloads — without exposing sensitive data.
The conversation highlights how software-defined storage, automation, and data masking combine to balance performance, protection, and agility — ensuring healthcare innovation continues securely.
Key Takeaways
Healthcare data breaches rose 141% in 2023, impacting 134 million patients.
True data masking is irreversible, preserving referential integrity while anonymizing sensitive fields.
Sentara Health uses Silk instant extracts + Redgate Data Masker to clone and mask data safely.
Architecture enables daily masked data refreshes for dev/test at near-zero cost.
Masked datasets feed AI and analytics pipelines securely, protecting PHI/PII.
“Data Masking as a Service” reduces cost, risk, and refresh time across environments.
Healthcare innovation can thrive without sacrificing data protection.
Transcript
[00:00–02:00] Introductions
Kellyn Gorman (Silk):
Welcome, everyone! This is Delivering and Masking Critical Patient Data for the Full Development Lifecycle. I’m Kellyn Gorman, Director of Data and AI at Silk — and yes, the “weird Oracle girl that Microsoft adopted.”
I’ve spent over 25 years in the data world, from Oracle and SQL Server to Postgres and MongoDB. Today, I’m joined by Mark Cooper, Principal Consultant at Cloudgainz and a longtime partner with Sentara Health.
Mark Cooper (Cloudgainz):
Thanks, Kellyn. I’m thrilled to be here. I’ve spent over 25 years in cloud hosting and data center operations — and for the last six years, I’ve worked closely with Sentara on FinOps, cost optimization, and Silk data platform adoption.
[02:00–04:00] The Healthcare Security Crisis
Kellyn:
Let’s start with the elephant in the room: data breaches. In 2023 alone, 134 million patients were affected by healthcare breaches — that’s almost half the U.S. population. It’s not “if,” but “when.”
Mark:
Exactly. Many assume HIPAA guarantees protection, but compliance ≠ security. We’re seeing weekly breaches, often from unencrypted backups or unsecured test systems. Healthcare data isn’t just PII — it’s full personal identity: insurance, SSNs, medical history, and even biometrics.
[04:00–09:00] Real Breaches and Their Lessons
Kellyn:
Just in 2024, we’ve seen:
Tricare: 5M records lost from unencrypted backups
Community Health Systems: 4.5M via test system breach
Advocate Health: 4M through stolen, unprotected laptops
Newkirk Products: 3.8M through test server data leak
Trinity Health: ransomware on unmasked subset of data
OneTouchPoint: 2.6M affected from third-party vendor access
Each one highlights how test and non-production environments are prime attack vectors.
Mark:
Yes, and vendors are often the weakest link. Many have no business holding PHI, yet still receive it. That’s where data masking changes the game.
[09:00–12:00] What Is and Isn’t Data Masking
Kellyn:
Let’s clear something up — “Dynamic Data Masking” in SQL Server isn’t true masking. It just hides data on screen. True data masking is irreversible, used for non-production data, and maintains referential integrity across databases.
Mark:
Exactly. And while encryption protects data at rest or in transit, it’s still readable by anyone with the key. Masking fundamentally changes the data, rendering it useless to attackers. Even if breached, it’s just anonymized test data.
[12:00–15:00] The Case for Masking in Healthcare
Kellyn:
Healthcare is the most targeted industry for data theft. Developers and testers still need real data — but they don’t need real identities. Masking lets them build and test with realistic datasets safely.
Mark:
Plus, masked data accelerates innovation. You can open datasets to analytics, partners, or AI initiatives without risk. The referential integrity stays intact, but PHI disappears.
[15:00–22:00] Sentara Health: Architecture and Innovation
Kellyn:
Let’s dive into Sentara Health’s story — because this architecture blew my mind.
Mark:
Sentara originally adopted Silk for performance — running their Epic EHR workloads. But then they realized Silk’s instant extract feature could create zero-footprint clones in minutes.
That allowed them to:
Snap live databases instantly
Mount exact copies to SQL servers for dev/test
Mask sensitive data using Redgate Data Masker
Refresh non-prod daily — safely and automatically
It cut their analytics runtime from 18 hours to under 12, and dropped storage costs by nearly $1 million compared to native cloud storage.
Kellyn:
And with Redgate, you integrated classification templates too, right?
Mark:
Yes. Sentara classifies sensitive data automatically before masking — detecting PII or PHI wherever it appears. It’s streamlined and repeatable, turning data masking into a service rather than a project.
[22:00–29:00] Data Masking as a Service
Mark:
We call it Data Masking as a Service.
Infrastructure teams just manage Silk’s automation — no manual refreshes. Data owners define masking rules through Redgate; Silk handles cloning, masking, and rehydrating environments.
The result:
Daily masked data refreshes in under 1 hour
Zero disruption to production
Developers and data scientists work safely and fast
Kellyn:
That’s revolutionary. It gives healthcare developers what they need without exposing patient data.
[29:00–34:00] AI, Copilot, and Safe Data for Machine Learning
Kellyn:
You also mentioned Silk’s integration with AI initiatives at Sentara — using masked data for LLMs and Copilot testing.
Mark:
Right. AI can easily be “poisoned” by real PHI — so we isolate training data entirely. Masked, cloned datasets let Sentara test AI use cases without risk.
They can train on full-scale datasets (40–100 TB) instantly, because Silk mounts them directly without network strain or extra copies.
Kellyn:
So they can explore AI freely while keeping compliance airtight. That’s huge.
[34:00–41:00] Measurable Benefits
Mark:
The results are striking:
Data masking runs dropped from hours to under one hour using Silk’s parallel I/O.
Storage costs reduced by 90% through zero-footprint clones.
Compute runtime costs fell from ~$60K to <$1K/month using burst scaling.
Developers now refresh data daily instead of weekly.
Kellyn:
That’s “instant gratification” for developers — without risk.
[41:00–46:00] Broader Impact on Healthcare and AI
Kellyn:
This isn’t just a tech story — it’s cultural. Healthcare teams used to treat data like radioactive material. Now, with proper masking and instant extracts, they can collaborate and innovate again.
Mark:
Exactly. It’s turned “security” from a blocker into an enabler.
Developers, data scientists, and infrastructure teams now share repeatable design patterns — not manual processes.
[46:00–53:00] Future Trends
Kellyn:
Looking ahead, here’s what’s coming fast:
Stricter HIPAA and state-level privacy laws (Oregon, Texas, Montana)
Increased data subsetting and minimization
Homomorphic encryption — share without decrypting
AI-driven anomaly detection for unauthorized access
Differential privacy and multi-party computation for selective sharing
These trends make masked data and automation even more critical.
Mark:
And for healthcare especially — masking + automation = survival.
[53:00–59:00] Key Takeaways
Kellyn:
It’s not if a data breach happens — it’s when.
Masking protects your data before the breach.
Instant extracts with Silk enable high-speed cloning and refresh.
Developers get full agility without compliance risk.
AI and analytics can thrive safely on masked, relational data.
Mark:
Exactly — and at Sentara, these practices have evolved from “security projects” into core business processes.
Kellyn:
That’s the future of healthcare data: secure, automated, and intelligent.
