Cybersecurity

Heartbleed Means HealthCare.gov Users Must Reset Passwords

Northfoto/Shutterstock.com

Federal officials are telling Obamacare website account holders to reset their passwords, following revelations of a bug that could allow hackers to steal data.

Officials earlier in the month said the government's main public sites, including HealthCare.gov, were safe from the risks surrounding Heartbleed -- faulty code recently found in a widely-used encryption tool. 

But, this weekend, the online marketplace's homepage directs users to change their login information.  

"While there’s no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers’ passwords out of an abundance of caution," HealthCare.gov states. 

The marketplace uses many layers of protection to secure data and there’s no evidence Heartbleed has been used maliciously against the site, officials added.

When Heartbleed emerged, some security specialists said data flowing on HealthCare.gov could be jeopardized by an underlying Akamai Technologies system that contained the flaw. 

If Akamai was "transferring personal information, then that data would be at risk,” regardless of government security protections, Jerry Irvine, a member of the National Cyber Security Partnership, a public-private organization, said at the time

"If they were using Akamai for services other than direct data input,” such as for hosting photos and other multimedia, “then personal information would not have been at risk,” he said.

Federal officials declined to comment on whether Akamai was handling personal information for HealthCare.gov. 

(Image via Northfoto / Shutterstock.com)

Threatwatch Alert

Spearphishing / User accounts compromised

Hackers Entered Multiple ICANN Databases

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
// December 17
X CLOSE Don't show again

Like us on Facebook