Users of the federal “affordable care act” website have been advised to change their passwords. The Obama administration found issues when they reviewed the government’s vulnerability to the Heartbleed Internet security bug.
Senior officials in the administration told the Associated Press that the action is being taken out of caution and there was no indication that the HealthCare.gov site had been compromised.
Click like if you feel obamacare is unconstitutional
The officials said that the government’s Heartbleed review is ongoing and that all users of their other websites may also be told to change their passwords in the coming days, including those with accounts on the popular WhiteHouse.gov petitions website.
A message was posted on the website Saturday saying “HealthCare.gov uses many layers of protections to secure your information. While there’s no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers’ passwords out of an abundance of caution.”
Officials said the administration was prioritizing its analysis of websites with heavy traffic and the most sensitive user information.
The health care website became a target for critics of the mandatory Obamacare law last fall when the opening of the insurance enrollment period revealed widespread flaws in the online system.
Several critics have also voiced their concerns about the possiblity of security vulnerabilities on a site where users input large amounts of personal information.
The White House released a statement saying that the federal government was not aware of the Heartbleed vulnerability until it was made public in a private sector cybersecurity report earlier this month.
The federal government relies on the encryption technology that is impacted — OpenSSL — to protect the users of the government websites data from being exposed.
The review of the government’s potential vulnerabilities on the matter is being lead by the Homeland Security Department. The Internal Revenue Service, a widely used website with massive amounts of Americans personal data, has said it was not impacted by Heartbleed.
“We will continue to focus on this issue until government agencies have mitigated the vulnerability in their systems,” Phyllis Schneck, DHS deputy undersecretary for cybersecurity and communications, wrote in a blog post on the agenda website. “And we will continue to adapt our response if we learn about additional issues created by the vulnerability.”
Officials wouldn’t say how they expect to flag government websites as part of the Heartbleed security review, but said it’s likely to be a limited number. The officials insisted on anonymity because they were not authorized to discuss the security review by name.