Department of Homeland security flags site as vulnerable.
Passwords of all consumer accounts at HealthCare.gov, President Barack Obama’s health insurance enrollment website, have been reset by the administration as a precautionary measure in the wake of the recent Heartbleed Internet bug.
An announcement posted on HealthCare.gov advised users to create new passwords on their next visit in response to a recent flag from the Department of Homeland security, identifying it as a potential target.
"We strongly recommend you create a unique password – not one that you’ve already used on other websites," said the message.
U.S. Centers for Medicare & Medicaid Services, which manages the website, said that there is no evidence yet of any compromise of personal information, but the passwords has been reset as a matter of caution.
Discovered by researchers at Google and Finnish security firm Codenomicon, the ‘Heartbleed‘ bug allows hackers to access the memory of systems that currently run the OpenSSL cryptographic software library used by several websites worldwide that could enable attackers to compromise a range of information without being seen.
HealthCare.gov was created under Obama’s signature health care law, the 2010 Patient Protection and Affordable Care Act.
President Barack Obama recently announced registration of eight million consumers on the site, about two million more than revised estimates, which was launched on 1 October last year.
The website had been facing various glitches since its launch and the critics are now questioning its security as the vast amount of personal information being collected makes it an attractive target, in view of the bug affecting various government sites and corporations.
Various other high-profile sites have also requested users to change their passwords.