Heartbleed causes HealthCare.gov to change users' passwords
April 19th, 2014
02:05 PM ET
3 months ago

Heartbleed causes HealthCare.gov to change users' passwords

Washington (CNN) - A cybersecurity scare is forcing Obamacare enrollees who used the HealthCare.gov site to sign up for an insurance plan to now change their passwords.

The Obama administration says that although there is no immediate threat to users, all enrollees have had their password reset and now must create a new password.

The threat emanates from a recently discovered online security vulnerability known as Heartbleed, which could put people's personal information at risk, from passwords and e-mails to financial information. It has forced most websites to re-evaluate and revamp their security procedures, and many have asked users to change their passwords, as well: from social media sites like Facebook and Instagram to dating site OKCupid and movie-streaming service Netflix.

"There’s no indication that Heartbleed has been used against HealthCare.gov or that any personal information has ever been at risk. However, we’re resetting current passwords out of an abundance of caution, to ensure the protection of your information," says a statement on HealthCare.gov.

The site has already reset users’ accounts. Now, when they sign in, they will be prompted to create a new, unique password. The site includes a step-by-step process on how to do so and provides a hotline for any users who experience difficulty.

The Obama administration had previously said it was "taking a hard look at widely used tools such as OpenSSL to see if there is more that the federal government needs to do - including supporting research and development," according to National Security Council spokeswoman Laura Lucas Magnuson. The message from HealthCare.gov is the first of its kind.

The federal exchanges have been a point of political contention since the site’s high-profile rollout last October was marred by disastrous flaws throughout the system. Since then, critics have charged that the site, full of personal and financial information, was a vulnerable target for hackers.

Between state and federal exchanges, 8 million Americans are now signed up for health insurance through Obamacare, President Obama announced Thursday. But the White House has not yet released how many people have fully enrolled, which requires paying their first premium.


Filed under: cybersecurity • Obamacare
soundoff (51 Responses)
  1. Tony D

    It has been public knowledge the web site didn't take even the basic security precautions. Any hacker looking for an easy score already has this web site on their target list. Anybody putting personal information there is crazy. The fact that the government openly stated they could not be held responsible should tell you everything you need to know.

    April 20, 2014 02:03 pm at 2:03 pm |
1 2 3