The officials are requesting that Healthcare.gov users reset their passwords after a continuing internal review by the Department of Homeland security flagged the site as possibly being vulnerable to a Heartbleed exploit. The move to reset passwords is being taken "out of an abundance of caution," according to a a notice published on the site, which serves as a portal for the health insurance exchanges set up under Obamacare. In addition, the note says that "there’s no indication" that any information was revealed through Heartbleed.
Critics of the Affordable Care Act may seize the opportunity to attack the much-maligned Healthcare.gov website, which was plagued by bugs during its launch last year. Those site issues have since been fixed, and the Obama administration recently announced that 8 million Americans have signed up for health insurance through the exchanges. Healthcare.gov is only one of many US government sites that use OpenSSL, the encryption protocol that lay vulnerable to attacks for the past two years via a bug known as Heartbleed. The Department of Homeland security is still leading a review of government sites, and the Associated Press reports that others, like the White House's petition website, may have mandatory password resets as well. Untold thousands of non-government sites have been affected by the bug, and many high-profile sites have similarly requested that their users change their passwords.