📌 NOTE FOR NEW READERS: The 50501 Movement organizes peaceful action across all 50 states to defend democracy. This publication is nearly 100k readers strong and growing. If this resonates with you, hit subscribe.

Oracle is one of the biggest tech companies in the world. It builds the behind-the-scenes software and “cloud” systems that governments and large organizations use to store and handle huge amounts of information.

On February 27, Oracle announced it had received new federal approvals that allow more of its cloud services to be used for sensitive government work including generative AI, the same kind of technology behind tools like ChatGPT.

Earlier in February, the federal agency that runs Medicare and Medicaid (CMS) said it is moving some of its internal systems from government-owned servers to Oracle’s cloud as part of a modernization effort.

Congress held years of public hearings about TikTok and data security. But as of March 3, 2026, we could not find a major public congressional hearing specifically focused on CMS’s move to Oracle or Oracle’s new approvals to offer AI tools in secure government environments.

For years, Oracle wasn’t just a “cloud company”, it also ran a huge advertising/data business that built marketing profiles and “interest segments” about people based on online and offline activity gathered from third-party data sources. Industry reporting says Oracle’s systems once involved billions of identifiers, later deduped to roughly 700–800 million targetable identities, plus datasets mapped at the household level. Oracle later announced it was shutting down its advertising products, but the point remains, Oracle has historically had the capacity to assemble data profiles at massive scale. Even if you’ve never used an Oracle product, there’s still a decent chance Oracle has held data associated with you or your household without you knowing it.

Leave a comment

What happened last week while the news cycle was dominated by war coverage

On February 27th, Oracle published a blog post announcing that its cloud platform had received new government security “green lights” to be used for sensitive federal work. One is DISA Impact Level 5 (a Defense Department approval that allows Oracle’s military-focused cloud) to handle tightly controlled (but not necessarily classified) DoD data. The other is FedRAMP High (one of the federal government’s strictest security approvals for cloud systems used by civilian agencies.) Together, these approvals expand the list of Oracle cloud services the government is allowed to use and among the newly approved services is generative AI.

If that term sounds familiar, it’s because Generative AI is the same type of technology behind tools like ChatGPT. Software that can quickly summarize information, draft and rewrite text, sort and classify large volumes of records, and spot patterns across huge datasets far faster than a human team could, although it still needs clear rules and oversight because it can also make mistakes.

What Oracle received was arguably more significant, a green light.

An authorization means the federal government has certified that Oracle’s AI tools meet the security threshold required to operate inside government cloud environments, the digital infrastructure where sensitive federal workloads and certain DoD mission systems are stored and processed.

Earlier in February, the Centers for Medicare and Medicaid Services. CMS, the agency responsible for healthcare coverage for nearly 70 million Americans selected Oracle Cloud Infrastructure to begin migrating select on-premises workloads as part of a broader modernization effort. That means CMS is moving pieces of its internal systems off of government-owned servers and onto Oracle’s cloud platform. This is the administrative backbone of Medicare, the systems that process claims, manage enrollment, and handle the personal health and financial data of tens of millions of seniors.

What we know and what we don’t so far is that CMS selecting Oracle for cloud modernization doesn’t mean AI is reading your medical records today. But it means that the door is now open. Oracle has the authorization to run AI tools in these environments, and CMS is actively moving workloads onto Oracle’s platform. The infrastructure for this new system is being built but the important question is who’s watching how it gets used and what does regulation look like.

So far:
CMS selects Oracle for cloud migration.
About two weeks later, Oracle gets new authorizations to run AI tools in government and defense cloud environments. (And this happened during a news cycle so consumed by military strikes that virtually no one in Congress or the press asked a single question about it.)
Now compare that to what happened with TikTok.

Over the course of several years, TikTok faced a parade of public hearings and bipartisan scrutiny in Congress. The concern was pretty straightforward. A foreign-owned company had access to the personal data of millions of Americans, and lawmakers wanted to know what safeguards existed. But the specific technical safeguards most people associate with “Project Texas“ didn’t come from a single act of Congress, they were built through national security negotiations and executive-branch oversight.

TikTok’s CEO testified that U.S. user data would be stored in the United States, hosted by an American-headquartered company, with access controlled by USDS personnel and that the company was offering third-party monitoring of its source code. Independent experts would inspect TikTok’s systems and report what they found. The source code. The digital equivalent of opening the hood and letting a mechanic verify the engine matches what’s on the label would be subject to ongoing review and software assurance protocols, according to USDS JV public materials describing the arrangement. A dedicated entity was created, housed on Oracle’s own servers ironically, designed to isolate American user data from foreign access. We need transparency, checks, and balances over where our data is going.

That was for a social media app overwhelmingly associated with younger users.

Now consider what Oracle has on us. The company is now positioned inside federal healthcare infrastructure through the CMS modernization effort. Oracle operates Top Secret classified cloud regions that defense and intelligence customers can use and Oracle says its OCI Generative AI service is available in those Top Secret regions, including access to xAI’s Grok models built by Elon Musk’s company. And it holds an $88 million Air Force Cloud One task order, supporting military operations across multiple classification levels.

Congress spent years demanding transparency from a video app.

Oracle is now positioned across federal healthcare modernization, DoD cloud programs, and Top Secret classified cloud regions simultaneously with GenAI authorized for key government and defense cloud environments at FedRAMP High and IL5 levels, and separately available in Top Secret classified regions. And the public governance framework for any of it? We haven’t seen one announced. No hearings have been scheduled or independent oversight structure has been disclosed. There has been no third-party audit requirement made public.

Medicare data includes diagnoses, prescription histories, treatment records, billing information, personal identifiers (including Medicare Beneficiary Identifiers, and in some legacy contexts SSN-based identifiers), and financial details. When AI tools are authorized to operate in environments where that kind of data is stored, the potential applications are enormous and so are the risks.

AI could be used to flag fraudulent claims, which would be genuinely useful. But it could also be used to identify patterns that lead to coverage denials, to make predictions about patient risk that affect what care gets approved, or to feed data into systems we haven’t been told about. Without public oversight, we have no way to know what’s happening, what’s planned, or what guardrails exist to protect the people whose data this is.

Oracle isn’t a neutral in Washington.

The company’s co-founder, Larry Ellison, is one of the wealthiest people in the world and has cultivated close relationships with political figures across the spectrum.

Larry Ellison operates in the mega-donor world where politics is funded through private estates, golf outings, and six-figure checks. In 2020, he hosted a Trump fundraiser at his Rancho Mirage estate with reported price points up to $250,000 for access and a roundtable. He’s also become a major Republican-aligned donor, pouring tens of millions into GOP super PACs most notably more than $35 million into the Tim Scott–linked Opportunity Matters Fund from 2020–2023 cementing his ties to the modern Republican donor network.

When a company and co-founder with deep political ties receives simultaneous authorizations across healthcare, defense, and intelligence with no public hearings, the need for transparency is urgent.

The Senate Committee on Finance and The House Ways and Means Committee have jurisdiction over CMS and Medicare.

The Senate Commerce Committee and The House Energy and Commerce Committee oversee technology and data privacy. If we demanded hearings for TikTok, we can demand hearings for this.

Call your senators and your representative and ask about public hearings on AI governance in federal healthcare systems before another authorization goes through.

Is this concerning to you? Do you trust AI with your medical data?

Leave a comment

Sources and additional reading:

• Oracle “OCI Expands Authorized Services for U.S. Government Customers,” February 27, 2026

• Oracle “CMS Selects Oracle Cloud Infrastructure,” February 11, 2026

• Oracle, “U.S. Air Force Awards Oracle $88M Cloud One Task Order,” February 12, 2026

• Oracle, “OCI Generative AI Now Available in Top Secret Classified Cloud Regions,” January 13, 2026

• House Energy & Commerce Committee | Chew testimony (Project Texas commitments)

• Lawfare | “Project Texas: The Details of TikTok’s Plan to Remain Operational in the United States”

• Lawfare | “Has TikTok Implemented Project Texas?”

• TikTok USDS JV public materials (source code review / assurance framing)

• USA.gov | Contact Your Elected Officials

In America, we have No Kings.

We are showing up together again on March 28.

When our families are under attack and costs are pushing people to the brink, silence is not an option. We will defend ourselves and our communities against this administration’s unjust and cruel acts of violence. America does not belong to strongmen, greedy billionaires, or those who rule through fear. It belongs to us, the people.

Join The 50501 Movement’s subscriber chat

Available in the Substack app and on web

Join chat

Leave a comment