Updated: Feb. 24 at 11:48 a.m. ET
A quick summary of recent events:
- States won an extended block against DOGE Feb. 21, preventing the Elon Musk-led team from accessing sensitive payment system information until March 24.
- A decision handed down in the Southern District of New York blocked Musk and DOGE members from accessing sensitive payment records until Feb. 14. This is a new lawsuit, filed by state attorneys general Feb. 7. DOGE must destroy records in their possession, the court said.
- Democratic lawmakers have sounded the alarm on Musk’s outsized role in federal agencies, and his ability to access healthcare records within HHS. Musk’s stated aim is to reduce waste, fraud and abuse, but he is drawing intense pushback from privacy and constitutional law experts.
- All this came after unions representing government workers sued Musk for his access over Treasury systems. The Trump administration agreed to temporarily limit access, though there are questions as to how effective that agreement is for the plaintiffs.
States scored a victory in court against the Trump administration Feb. 21, securing a longer block against Elon Musk and the Department of Government Efficiency’s (DOGE’s) access to the Treasury payment systems.
The judge granted a preliminary injunction to the plaintiffs, banning access for DOGE members at the Treasury to access sensitive systems. A prior temporary restraining order went further, blocking all political appointees at the department.
“The court is providing defendants with an opportunity to promptly cure the procedural defects relating to the protection of sensitive and confidential information that the court has identified in the opinion,” the order (PDF) reads.
By March 24, DOGE members must complete training required by the Bureau of the Fiscal Services staff, confirm vetting of all staff for security clearances, assure the court the threats posed by DOGE are minimized by new procedures and better explain the chain of command at the agency.
A temporary restraining order Feb. 24 also restricted DOGE access to student loan data from the Department of Education and Office of Personnel Management (OPM), reported the New York Times and others.
The newer lawsuit yielded quicker success in challenging the legality of Elon Musk’s DOGE takeover of the Treasury payment systems, which has opened up new, wide-reaching privacy concerns not limited to Americans’ healthcare records.
The Southern District of New York agreed to a temporary restraining order (PDF) request from 19 attorneys general, with a judge saying states face “irreparable” harm otherwise.
“That is both because of the risk that the new policy presents of the disclosure of sensitive and confidential information and the heightened risk that the systems in question will be more vulnerable than before to hacking,” the judge said.
Only civil servants—not Treasury Secretary Scott Bessent, Musk or his team—with sufficient background checks were allowed to access sensitive personal or financial information, per the order. All materials acquired, copied or downloaded must be destroyed. The decision was narrowed Feb. 10 to not include Bessent.
In the lawsuit, states emphasized they receive billions of dollars disbursed by the Treasury for Medicaid. Collectively, states named in the lawsuit estimated they receive upwards of $247 billion in Congressionally appropriated funds explicitly for Medicaid programs.
That is not counting funds for Medicare, mental health and substance use disorder block grants, veterans’ health services, SNAP benefits, skilled nursing facilities, disaster relief, sex-trafficking prevention, social security benefits and more.
States also expressed concern over cybersecurity and DOGE’s reported unfettered use of AI.
The Treasury payment infrastructure handles disability and retirement payments and tax refunds for millions of Americans as well as the salaries of federal workers.
Alan Butler, executive director and president of the Electronic Privacy Information Center, in an interview with Fierce Healthcare, called Musk’s access of the system “the biggest data breach in history."
Opposition resistance grows
Democratic lawmakers have more questions than answers on how to deal with DOGE's growing influence in the federal government.
They are calling on the Department of Health and Human Services (HHS) Principal Deputy Inspector General to investigate (PDF) DOGE’s current access to healthcare records. The lawmakers are pushing the watchdog to ensure the administration is protecting against vulnerabilities, following laws and protecting the public. Trump fired longtime HHS Inspector General Christi Grimm in his first week.
In a separate letter (PDF), Sen. Ron Wyden and Reps. Frank Pallone and Richard Neal pressed HHS Acting Secretary Dorothy Fink on the threat Musk’s presence poses to Americans.
Musk is targeting the Centers for Medicare & Medicaid Services (CMS) as part of a wide-reaching effort, he says, to eliminate wasteful government spending at federal agencies. Musk and his allies are reportedly looking at the agency's payment and contracting systems but do not have access to its accounting system.
DOGE is collaborating with two senior CMS officials, "ensuring appropriate access to CMS systems and technology," the CMS said in a short statement, adding they are taking a "thoughtful" approach to the collaboration.
Critics argue Musk and his team should not be near these systems, given the private data they can see.
“This information is highly sensitive and could have significant commercial value, as well as competitive advantage for individuals seeking to use it for financial gain,” the lawmakers wrote to HHS. “Likewise, it could be misappropriated to target American citizens and businesses for political means.”
The Trump administration has already agreed to temporarily limit access (PDF) to Department of the Treasury payment system records for Elon Musk and people outside of the agency. Musk accessed these systems before moving on to HHS. State attorneys general joined in addressing the administration.
The agreement comes after two government labor unions and an advocacy group sued the Treasury Department and the Bureau of the Fiscal Service over Elon Musk and his team's access to the nation’s payment infrastructure.
Two special government employees on Musk's team, Cloud Software CEO Tom Krause and former X and SpaceX engineer Marko Elez, are exceptions and can continue to access the payment records, but their access may only be in "read only" mode. The discovery of racist posts made by Elez led him to resign from the role on the same day, but Vice President JD Vance and Musk publicly advocated for his return.
The lawsuit alleges (PDF) Musk and others have access to personal and financial information that should not be disclosed to them, such as bank account information, home addresses, Social Security numbers, email addresses and telephone numbers. Plaintiffs asked the court to enjoin Musk and his team from accessing the system and obtaining its information.
“The scale of the intrusion into individuals’ privacy is massive and unprecedented,” the lawsuit reads, noting the Privacy Act of 1974 and IRS code should protect consumers.
Wyden, in a letter (PDF) to Treasury Secretary Scott Bessent, also wants to understand the full timeline and extent of DOGE’s influence on the Treasury payment system. The Trump administration has downplayed the scale of access granted to outside workers, but media reports are increasingly contradicting this story, all while the administration told a district judge members just have “read-only” access.
Increasing access, control over government payment systems
Wyden has admonished the Trump administration for allowing this situation to unfold.
“These payment systems process more than a billion payments annually and are responsible for the distribution of Social Security and Medicare benefits, tax refunds, payments to federal employees and contractors, including competitors of Musk-owned companies, and thousands of other functions” he said in a different letter (PDF) to Bessent. “To put it bluntly, these payment systems simply cannot fail, and any politically-motivated meddling in them risks severe damage to our country and the economy.”
The lawsuit is in response to unprecedented and unilateral action taken by Musk and a small group of closely trusted workers around him.
Since the inauguration, Trump has endorsed, or at least not stopped, Musk’s actions to shape the federal government. They include attempting to shut down the U.S. Agency for International Development without congressional approval by partially folding it within the State Department, locking career civil servants in the Office of Personnel Management (OPM) out of computer systems, floating an end to the Department of Education and urging federal workers to quit their jobs.
Through the OPM, Musk has access to federal worker records of current and former employees and applicants. Sensitive information includes past mental health history, Social Security numbers, addresses and medical and drug information, said Butler. Four DOGE members were granted administrative access to OPM computer systems, allowing them to "install and modify software," the Washington Post reported Feb. 6.
A class action lawsuit (PDF) brought forward by two anonymous government employees claimed Musk's team was operating a new "distribution and response list" without publishing a Privacy Impact Assessment. New department heads appointed by Trump also instructed agencies to gather information on government workers to then send to Amanda Scales, an employee at a Musk-owned company, through a new email server, a post on Reddit details and is outlined in the lawsuit. The plaintiffs noted the situation's inherent safety concerns and possibility for hostile actors to overwhelm a new server.
The government released a Privacy Impact Assessment (PDF), dated Feb. 5, for a government-wide email system. The report was reviewed by OPM Chief Information Officer Greg Hogan and Riccardo Biasini, a senior advisor to the agency's director. Biasini is also former director at The Boring Company, another Musk-owned company.
Musk's reach spread to the Treasury Department, where The New York Times and other media outlets reported Musk had full access to the agency’s payment system, the last stop for Social Security and Medicare disbursements before an individual’s bank account. Those stories were walked back, saying Musk and his team could only view and read the code but not change it.
However, it now appears Musk’s workers were able to access and write code on the payment system responsible for more than a fifth of the U.S. economy, reported Wired and confirmed independently by economic researcher Nathan Tankus. Payments through this system include veterans' benefits and health programs like Medicare and Medicaid.
Responding to Wyden, the Treasury Department said staff members only have read-only access and Medicare payments have not been "delayed or re-routed," reported Punchbowl News.
Musk is an unelected billionaire with deeply reported conflicts of interests, including his leadership roles at companies receiving millions in government payments. The White House has said Musk is serving as a special government employee, a temporary position in which Musk must abide by conflict-of-interest requirements. It’s not clear when Musk was first given the title, but these employees may only work 130 days per calendar year, NBC reported.
Later, the administration said he is a senior advisor but has no decision-making authority in DOGE.
Democratic lawmakers, like Senate Minority Leader Chuck Schumer, D-New York, worry Trump and Musk could turn off funds to agencies, programs or individuals. Doing so could have wide-ranging implications in healthcare, where Trump has been eager to reverse norms, remove public health data from government websites and reshape the country’s stance on reproductive rights, gender-affirming care and diversity, equity and inclusion.
“He gave DOGE access to people’s Medicare and Medicaid benefits, disability payments data, veteran benefit data,” said Schumer. “Will DOGE try to halt Social Security or Medicare or Medicaid? God forbid. Will DOGE cut funding to programs approved by Congress that Donald Trump decides he doesn’t like? What about cancer research?”
This would likely trigger a constitutional law fight centering around the concept of impoundment—or not releasing funds to programs Congress has already appropriated—a fight the administration is seemingly itching to take per internal documents obtained by press.
Unprecedented risks
When prompted by Musk to hand over access, Fiscal Assistant Secretary of the Treasury David Lebryk, the highest ranking civil servant in the department, resigned.
Butler is troubled longtime workers like Lebryk, who know the complex and dated back-end infrastructure like few others, are being replaced by Musk’s team of closely trusted allies that likely don’t have proper security clearance or vetting.
“There are ways to audit government fraud,” he said. “This is not the way.”
It certainly seems like Musk’s new operation is violating federal security standards, added Butler. If data leak, normal people may face increased risk of stolen identity, doxing attempts and harassment. Data in these systems can also be classified.
And when asked if it’s possible Musk and his team could inadvertently break the system in place, causing Americans to not receive payments from the government, Butler replied “yes.”
“That’s catastrophic,” he said. “That’s a world economy melting event.”
Musk is also heavily involved in the General Services Administration (GSA), the agency managing the government’s real estate portfolio and digital strategy. One of Musk’s workers listed with a GSA email account asked for access to Centers for Medicare & Medicaid Services (CMS) systems controlling contracts and more than a $1 trillion in annual payments, a document obtained by the New York Times apparently shows.
Within the GSA is a subagency called 18F. This office is responsible for rolling out Direct File, a free service for individuals to file tax returns. Musk posted Monday that the “group has been deleted.”
Emily Murphy, a GSA Administrator in Trump’s first term, advocated for eliminating 18F and the Technology Transformation Service (TTS) in an op-ed published by The Hill. 18F was created following the website rollout mishap of the Affordable Care Act and has since worked on the benefits claims service at the Department of Veteran Affairs.
Murphy called on DOGE to eliminate TTS because of the office’s planned growth, while spending “nearly $1.3 billion to lose $533 million.”
The Trump team was required to stop implementation of an Office of Management and Budget memo requiring freezing of all federal payments by the courts. But even the initial guidance—which the Trump administration maintained was carrying out day one executive orders—resulted in a nationwide panic of Medicaid benefits and the temporary closing of state portals.
The courts and healthcare stakeholders said they believed the administration was continuing to carry out the memo’s intent, despite the courts instructing otherwise. Controlling Treasury payments would make the stated mission of the memo easier to carry out.
Some states are reporting Head Start, a federal program helping low-income students with health and educational needs, are still struggling to access urgent funds. As of Tuesday, Wyden said he continues to hear from providers in Oregon and Wisconsin who are facing similar problems, reported Wisconsin Public Radio. Patty Murray, D-Washington, said during a Monday press conference that she "spent the day on the phone with a number of my constituents who were calling, who still don't have access to their funds."
No matter whether the temporary freeze is causing long-lasting complications or whether the Trump administration is choosing to ignore judges’ rulings, closures of federally funded programs are increasingly likely if providers continue to not receive the funds.
Sunday, Musk tweeted he is shutting down “illegal payments” from HHS to Lutheran Family Services, a national network of providers, quoting a screenshot of payments by former National Security Advisor Mike Flynn.
It’s possible the screenshot is from internal payments Musk is accessing. If so, that would mean critical data is already leaking out of the federal government, said Butler.
“It builds on allegations they’re infiltrating this data, putting in new computer systems and databases that are not secured or cleared, merging it with other data from who knows where, all in the ostensible interest of finding ‘fraudulent payments,’” he explained.
Alesia Frerichs, president and CEO of Lutheran Services in America, said that cutting off payments to the organization would have real repercussions for socially at-risk individuals.
“As a network rooted in the long-standing Lutheran faith-based tradition of service in caring for our neighbor, Lutheran social ministries provide essential services to people in communities across the country,” Frerichs said in a statement. “The suspension of funding to faith-based health and human service organizations like Lutheran social ministries undermines efforts to support individuals and communities during on-going times of need. This action causes considerable harm to people who rely on critical services for shelter, food and mental health services among other social supports.”
This is a developing story.