Heartbleed causes HealthCare.gov to change users' passwords
April 19th, 2014
02:05 PM ET
9 years ago

Heartbleed causes HealthCare.gov to change users' passwords

Washington (CNN) - A cybersecurity scare is forcing Obamacare enrollees who used the HealthCare.gov site to sign up for an insurance plan to now change their passwords.

The Obama administration says that although there is no immediate threat to users, all enrollees have had their password reset and now must create a new password.

[twitter-follow screen_name='politicalticker']

The threat emanates from a recently discovered online security vulnerability known as Heartbleed, which could put people's personal information at risk, from passwords and e-mails to financial information. It has forced most websites to re-evaluate and revamp their security procedures, and many have asked users to change their passwords, as well: from social media sites like Facebook and Instagram to dating site OKCupid and movie-streaming service Netflix.

"There’s no indication that Heartbleed has been used against HealthCare.gov or that any personal information has ever been at risk. However, we’re resetting current passwords out of an abundance of caution, to ensure the protection of your information," says a statement on HealthCare.gov.

The site has already reset users’ accounts. Now, when they sign in, they will be prompted to create a new, unique password. The site includes a step-by-step process on how to do so and provides a hotline for any users who experience difficulty.

The Obama administration had previously said it was "taking a hard look at widely used tools such as OpenSSL to see if there is more that the federal government needs to do - including supporting research and development," according to National Security Council spokeswoman Laura Lucas Magnuson. The message from HealthCare.gov is the first of its kind.

The federal exchanges have been a point of political contention since the site’s high-profile rollout last October was marred by disastrous flaws throughout the system. Since then, critics have charged that the site, full of personal and financial information, was a vulnerable target for hackers.

Between state and federal exchanges, 8 million Americans are now signed up for health insurance through Obamacare, President Obama announced Thursday. But the White House has not yet released how many people have fully enrolled, which requires paying their first premium.

Filed under: cybersecurity • Obamacare
soundoff (51 Responses)
  1. Thomas

    Track them down with cyber DNA and put them behind bars !

    April 19, 2014 02:12 pm at 2:12 pm |
  2. Gurgyl

    Instead of fixing these Republican idiots are crying on Obamacare. Very pathetic. They know Greed is so huge in insurance industry, Hospital defrauding, doctors cheating, doing swan gantz for no reason.

    April 19, 2014 02:22 pm at 2:22 pm |
  3. bill

    If you like your password you can keep your password.

    April 19, 2014 02:30 pm at 2:30 pm |
  4. SDCinNS

    Bush did it!

    April 19, 2014 03:10 pm at 3:10 pm |
  5. DC Johnny

    Oh yeah, NOOOOW the rollout is a debacle.

    April 19, 2014 03:14 pm at 3:14 pm |
  6. democrat4life

    what a joke

    April 19, 2014 03:25 pm at 3:25 pm |
  7. Bjorn

    The government says, "no immediate threat to users"

    Translation ... "you're screwed."

    April 19, 2014 03:27 pm at 3:27 pm |
  8. Chris-E...al

    This program will never stand on two legs in its current form with or without the website . Its only temporary at least best . How long will it last ? We shall see ???

    April 19, 2014 03:41 pm at 3:41 pm |
  9. Grego

    Wow all that money blown and they were using open source?

    April 19, 2014 03:46 pm at 3:46 pm |
  10. OldAsDirt

    It might have been useful to report whether or not the site was found to be vulnerable.

    April 19, 2014 03:49 pm at 3:49 pm |
  11. Robert

    Its become clear to me now the staff at Obamacare don't have a brain among them.

    A smart person would have adjusted the website capacity to handle the increased visitors expected from such a press release. But what does these bozos do instead?

    "We're busy making HealthCare.gov even better! Sorry you can’t get what you need right now. Please come back and visit again later."

    April 19, 2014 03:53 pm at 3:53 pm |
  12. tech1

    So many ignorant comments nowadays. Technology is technology, and no one company is to blame for it. It is what it is. Get over it.

    April 19, 2014 04:17 pm at 4:17 pm |
  13. Chuck

    Good thing I have never logged in on that site, I knew it was bad from the start

    April 19, 2014 04:17 pm at 4:17 pm |
  14. i'malib

    Is this in any way going to hurt my $2500 health care rebate?

    April 19, 2014 04:18 pm at 4:18 pm |
  15. Anonymous

    This is only the first of many security problems with this web site.

    April 19, 2014 04:18 pm at 4:18 pm |
  16. sal

    Blame the tea party.

    April 19, 2014 04:32 pm at 4:32 pm |
  17. John Sellers

    This is really poor journalism. It is the same as "Heartbleed causes Fox News to change administrative passwords".

    Both are equally true but there is the nutty unvoiced implication that there is something wrong with Obama Care because of some general bug out there that effects everyone.

    This article is just about as interesting as a cigarette butt on the street.

    April 19, 2014 04:38 pm at 4:38 pm |
  18. Tampa Tim

    No threat to users, but to the brain dead republicans, it's the end of the world.

    April 19, 2014 04:38 pm at 4:38 pm |
  19. Tampa Tim

    Wait a minute, republicans did not even sign up for health insurance and they are complaining? This has to be the first time in our history that a password has to be changed? How dumb the wingnuts are.

    April 19, 2014 04:42 pm at 4:42 pm |
  20. mickinmd

    Seriously, it's not clear that every site has adopted new procedures to block Heartbeed so change your passwords now and in another month. My passwords are often too similar and recently I came up with a new, simple algorithm to create different personal passwords for different sites from very obscure words based on something in my past, but I'm not going to use them for another month.

    April 19, 2014 04:46 pm at 4:46 pm |
  21. Tampa Tim

    After the Kochs spent over $1 billion to encourage republicans to break the law and not sign up, are we to believe they defied the billionaires orders and signed up after all?

    April 19, 2014 04:46 pm at 4:46 pm |
  22. Richard Miller

    Here is a thought: The Koch's paid to invent this bug so that they could use it for attacks on all of us!

    April 19, 2014 05:00 pm at 5:00 pm |
  23. Tampa Tim

    The dumbest tea bagger in congress, Huelscamp, who has promised to repeal ACA, said he was not sure, but he did not think the uninsured rate in Kansas dropped. Kansas refused to expand Medicaid for their voters, and refused to set up an exchange to sign up uninsured. He was not sure, but that did not stop him from spouting bagger nonsense.

    April 19, 2014 05:04 pm at 5:04 pm |
  24. just saying

    Blame The Republicans For Obamacare
    I blame the republicans for Obamacare. If the republicans had introduced a single payer system (the ONLY system that will allow us, as an ENTIRE nation, to negotiate better health care prices), we wouldn't have to deal with Obamacare today. But since the republicans introduced NOTHING of substance to address the health care crisis, we now have Obamacare. Blame the republicans for Obamacare. After all it was THEIR idea, supported by the Heritage Foundation, and actually implemented by Mitt Romney.

    wow.... obamacare is such a disaster than even the people that jammed it down our throats are trying to claim they didn't do it and it was all somebody elses fault!! now this is their own president's supposedly signature accomplishment!! well, just when you thought the far leftist democrat lies couldn't get any worse, along comes this doozy!! only three words for this: total democrat desperation.

    April 19, 2014 05:18 pm at 5:18 pm |
  25. Ben Dover

    Do not worry. It is only financial and healthcare information. What differance does it make.

    April 19, 2014 05:20 pm at 5:20 pm |
1 2 3