The so-called “department of government efficiency”, the Donald Trump-created program known as Doge and headed by the billionaire Elon Musk, has accessed or requested access to sensitive systems at multiple health agencies as the US president attempts to grant the committee sweeping powers within the federal government.
The bid for access comes amid an unprecedented effort to halt government spending, despite multiple court orders to unfreeze funds and reverse staff suspensions.
Thousands of people were laid off from health agencies on Friday after the Trump administration announced a plan to fire nearly all probationary employees, potentially numbering in the hundreds of thousands across the federal service.
“The potential for doing harm is significant,” said Scott Cory, former chief information officer for an agency within the US Department of Health and Human Services (HHS).
Health agencies maintain tightly controlled databases with sensitive information, and upheaval at these agencies threatens the US healthcare system even as the threat of infectious diseases like bird flu continues to ramp up.
“The possibility of new outbreaks or public health events is certain given the recent concerning spread of bird flu, which is still hampered by a slow response,” said an employee at the US Centers for Disease Control and Prevention (CDC) who requested anonymity because they were not authorized to speak on the record.
“With external communications cut off, extensive work-stop orders and dramatic changes in the federal workforce, the ability of any health agency is severely limited and ultimately will serve no one but those who choose to profit off the suffering,” the employee said.
Trump attempted to give Doge the power to shrink the federal workforce in a new executive order signed on Tuesday, despite lawsuits from unions over Doge access.
Some 5,200 people across health agencies reportedly received layoffs notices on Friday.
About 1,250 of them worked at the CDC, according to a source who requested anonymity because they were not authorized to speak publicly.
This included senior officials and the entire first-year class of the CDC’s Epidemic Intelligence Services officers, known as “disease detectives”.
Other senior health officials are also being targeted for layoffs, and employees are bracing for more mass layoffs in coming days, sources said. Several contractors also reported being laid off this week.
Probationary employees include any staff who haven’t served the full time (usually a year or two) needed to gain civil service protection in their positions – and this also applies to senior officials who have recently changed positions.
Staff at some health agencies, including HHS and CDC, reported being instructed not to talk about Doge in internal emails and messages, for fear of attracting attention through Freedom of Information Act (Foia) requests or searches from those who had gained access to these systems.
“In my whole time in the federal government, I’ve never seen this,” said the CDC employee. “It’s just a complete upheaval.”
Representatives of Doge gained access to the Atlanta offices of the CDC last week, according to sources who requested anonymity because they were not authorized to speak.
Doge-affiliated officials also gained access to payment and contracting systems at the Centers for Medicare and Medicaid Services (CMS), according to reporting from the Wall Street Journal.
Musk, the unpaid “special government employee” heading up Doge, appeared to confirm the CMS access and the search for potential fraud in Medicare payment systems: “Yeah, this is where the big money fraud is happening,” he alleged on X on 5 February.
Medicare fraud has long been a focus of careful investigation, with 193 medical professionals arrested in June under the Biden administration on charges related to $2.75bn in suspected healthcare fraud.
But stopping payments already authorized by Congress, as the Trump administration has already done with foreign assistance and federal grants and loans, is an unprecedented move.
Doge representatives have also sought access to the HHS payment systems that process billions of dollars in healthcare funding, and seem to have gained access to at least some of them, the Washington Post reported.
The HHS did not respond to the Guardian’s media inquiry by press time.
One of the requested systems, the Healthcare Integrated General Ledger Accounting System, contains financial information about all of the hospitals, doctors and other health organizations participating in federal programs like Medicare, Medicaid and the Affordable Care Act.
It requires training on the Health Insurance Portability and Accountability Act (Hipaa) for access; it’s not clear whether Doge representatives have undergone this training.
Doge officials reportedly gained extensive access at the treasury department as well.
Musk’s “unclear role” on a committee that has not been approved by Congress “has been a loud signal by this administration that the legal rulebook that the federal government operates by no longer applies”, the CDC employee said.
“Musk’s aggressive takeover of many sensitive data systems, including those in CMS and treasury, should concern everyone,” the employee continued. “Having access to all this data is not only a security risk but the abusive potential of having such data is incomprehensible.”
Armed with these systems and data, the Trump administration could dismantle healthcare support for Americans and punish states or entities refusing to align with the administration’s priorities, the employee said.
Interference in the systems that health agencies use to process payments could threaten the lives of people who depend on the funds, Cory said.
There are privacy concerns as well.
“There’s a whole lot” of sensitive data running through these systems into individuals’ bank accounts, including personally identifiable information about individuals who are recipients of government benefits, like social security, Cory said.
While the information is not usually stored in payment systems, “you can go backwards from that system, presumably, to the system that holds and maintains that information”, Cory said. “And that’s where this gets scary.”
No one individual should have access to entire systems like these, Cory said. Even small changes are a big deal, and need to be tested extensively before being deployed.
Yet the legal repercussions of unlawful access and activities in federal systems are limited, he said.
“The constraints on bad actors who are in there, inside the system, doing bad things, are relatively few,” Cory said.
The data collected by agencies plays a crucial role in keeping Americans safe – particularly in ongoing outbreaks like bird flu, Cory said: “If it’s not possible to report that data and disseminate that data, then we’re all at risk.”
