Technology

Heartbleed bug could affect HealthCare.gov

by Megan R. Wilson

HeathCare.gov users are being asked to change their passwords “out of an abundance of caution” following an administration-wide review of a new Internet security weakness known as Heartbleed.

Senior administration officials said Saturday there is “no indication” that the ObamaCare exchange portal is at risk, but an ongoing review will determine whether data stored on HealthCare.gov has been compromised, according to the Associated Press.

{mosads}This weekend, the online marketplace’s homepage directs users to change their login information. 

“HealthCare.gov uses many layers of protections to secure your information,” a message on the website says. “While there’s no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers’ passwords out of an abundance of caution.”

The Heartbleed bug is an encryption flaw that silently put the passwords, personal information and credit card data of millions at risk over the last two years. While not every website across the Internet has been affected, popular websites like Facebook and Gmail became likely victims.

OpenSSL – the technology that was targeted by the Heartbleed bug – is used by many websites, including those operated by the federal government, to encrypt and protect user information.

Republicans on Saturday used the news to seize on the amount of personal data that’s required on HealthCare.gov and its potential vulnerability for theft by hackers.

“Even though IT experts asked HHS to include provisions in their final rules that would require the federal government to notify someone if their personal information has been breached, they declined to do so,” Rep. Diane Black (R-Tenn.) said in a statement. “This astonishing failure leaves millions of Americans vulnerable to cyber threats and identity theft, and the news today that users are being asked to change their passwords speaks volumes to the websites continued vulnerability.”

The Republican lawmaker pointed to legislation passed in the house in January, called the Health Exchange and Data Security Act, and urged the Senate to take it up.