The Obama administration has reset the passwords of consumers who created accounts through HealthCare.gov, saying the precautionary move was necessary to protect personal information at risk through the newly discovered Heartbleed Internet bug.
Those who have accounts will be prompted to create new ones the next time they visit the site, according to an announcement posted on HealthCare.gov, a federal website managed by the U.S. Centers for Medicare & Medicaid Services.
Government officials say there’s no evidence that anyone’s personal information has been compromised, but the passwords were reset “out of an abundance of caution.”
“This means the next time you visit the website, you’ll need to create a new password,” the announcement reads. “We strongly recommend you create a unique password – not one that you’ve already used on other websites.”
The Heartbleed bug is an Internet security vulnerability discovered earlier this month in certain encryption technologies many websites use to manage “traffic, passwords and other sensitive information transmitted to and from users and visitors,” according to security researcher Brian Krebs.
At the same time Heartbleed became public, hackers around the world were sharing tools to take advantage of the new vulnerability of certain websites, Krebs wrote on his blog Krebsonsecurity.com.
This exposure prompted a government-wide review of website security.
News of the password reset comes two days after President Obama noted that some 8 million consumers had signed up for coverage through HealthCare.gov. That’s a million more than was forecast initially and about 2 million more than revised estimates following the troubled roll-out of the website, which repeatedly crashed and was dogged by glitches after the Oct. 1 launch.
Critics of HealthCare.gov questioned the security of the site, noting that the vast amount of personal information being collected made it an attractive target.