Obamacare Website Flagged in Heartbleed Review


WASHINGTON -- People who have accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the confounding Heartbleed Internet security flaw.

Senior administration officials said there is no indication that the HealthCare.gov site has been compromised and the action is being taken out of an abundance of caution. The government's Heartbleed review is ongoing, the officials said, and users of other websites may also be told to change their passwords in the coming days, including those with accounts on the popular WhiteHouse.gov petitions page.

The Heartbleed programming flaw has caused major security concerns across the Internet and affected a widely used encryption technology that was designed to protect online accounts. Major Internet services have been working to insulate themselves against the problem and are also recommending that users change their website passwords.

Officials said the administration was prioritizing its analysis of websites with heavy traffic and the most sensitive user information. A message that will be posted on the health care website starting Saturday reads: "While there's no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers' passwords out of an abundance of caution."

The health care website became a prime target for critics of the Obamacare law last fall when the opening of the insurance enrollment period revealed widespread flaws in the online system. Critics have also raised concerns about potential security vulnerabilities on a site where users input large amounts of personal data.

The website troubles were largely fixed during the second month of enrollment and sign-ups ultimately surpassed initial expectations. Obama announced this week that about 8 million people had enrolled in the insurance plans.

The full extent of the damage caused by Heartbleed is unknown. The security hole exists on a vast number of the Internet's Web servers and went undetected for more than two years. Although it's conceivable that the flaw was never discovered by hackers, it's difficult to tell.

The White House has said the federal government was not aware of the Heartbleed vulnerability until it was made public in a private sector cybersecurity report earlier this month. The federal government relies on the encryption technology that is impacted -- OpenSSL -- to protect the privacy of users of government websites and other online services.

The Homeland Security Department has been leading the review of the government's potential vulnerabilities. The Internal Revenue Service, which runs a widely used website with massive amounts of personal data on Americans, has already said it was not impacted by Heartbleed.

"We will continue to focus on this issue until government agencies have mitigated the vulnerability in their systems," Phyllis Schneck, DHS deputy undersecretary for cybersecurity and communications, wrote in a blog post on the agency website. "And we will continue to adapt our response if we learn about additional issues created by the vulnerability."

Officials wouldn't say how many government websites they expect to flag as part of the Heartbleed security review, but said it's likely to be a limited number. The officials insisted on anonymity because they were not authorized to discuss the security review by name.


Perhaps today will be the day the Republicans unveil their new healthcare plan.

April 20 2014 at 11:56 AM (+2)

Weekend nights must be the primary domain of the most ignorant AOL members. Furthermore, based on the volume and content of these immature comments, I'll assume many of you are "old guys". Perhaps, your immature and (almost) incoherent comments are the result of cognitive regression. I'm betting it's primarily due to a lack of advancement (intellectually, educationally and emotionally) beyond high school.

For example, one genius referred to our President as "pincchiobama". C'mon, that's something one would expect from an immature 5th grader. The guy can't even spell his immature insults correctly.

Another "scholar" referred to Democrats as "sheeple". Guys, if you're going to insult us, you could (at least) try to come up with an original epithet.

To you right-wingers, who can't understand why you're so often stereotyped as "ignorant", you'll find the answer within your own comments. Of course, you'll probably need to consult someone who possesses the ability to think critically.

April 20 2014 at 3:54 AM (+4)
1 reply to thomcit's comment

Politifact called it the lie of the year. Grow up and learn something

April 20 2014 at 7:05 AM (-5)

The whole thing is a sham, it needs to be abolished, the whole thing is a mess and never will be anything but a mess

April 20 2014 at 3:15 AM (-7)

I find it funny that our HHS Secretary MS Sebilious(sp) resigned JUST before this information (which has, obviously, been identified for some time) was published. We JUST CAN'T have her reputation sullied by ANOTHER website SNAFU can we...

April 20 2014 at 12:48 AM (-6)

More of Obama's lies

April 20 2014 at 12:12 AM (-11)

things are being screened must be HP moderators on duty!!

April 20 2014 at 12:05 AM (-9)

It's important to understand that a breach of personal data through Heartbleed is UNDETECTABLE by a server. It is a flaw of OpenSSL that allows an overflow "handshake" request by the web site user to trigger a random flood of data responses. The only way to determine if there has been a Heartbleed incident is if a web site user finds identity theft, i.e., manifested in stolen funds, unauthorized debit/credit card charges, etc. The fix to Heartbleed is to patch OpenSSL which invalidates the web provider's certification that must be revalidated. Heartbleed is a web provider issue. A user changing passwords will not resolve web site Heartbleed vulnerability.

April 19 2014 at 11:31 PM (+5)

Do you really think that the crooked government will tell you that the web site is not safe?? It is very open to hacking and I hope it's hacked to the bone!

April 19 2014 at 11:30 PM (-3)

Healthcare site affected by Heartbleed?... Did anyone expect otherwise. This so-called Healthcare site has been screwed up ever since its inception and reflects the very law that it serves with all its flaws. They hit 9 million so they say and now the liberal media is declaring a major victory totally ignoring all future events that will ultimately terminate the whole train wreck. Stay tuned folks for more exciting events as you haven't seen nothing yet... dare I say the worst is yet to come?

April 19 2014 at 11:28 PM (+1)
1 reply to Escalonz's comment

There is no LIBERAL media. There is only the media and Fox News hate filled lie fest. Get your head out of your butt. You are just focusing on the one small thing Fox News tells you to. You assume it was a lie. Why couldn't it have been an oversight? If it was a Republican it would be an oversight. This law is helping millions and will help many more millions but a few thousand people who had shitty healthcare had to get better plans for less money (oh you leave that part out) and the law is a failure? No. Sorry. My relatives who survived Cancer can now get coverage. Positives outweigh the few negatives no matter how much the Koch brothers pay to brainwash small town American

April 20 2014 at 2:02 AM (+3)

We were told not to worry about security, we were told Obama would not sign a law that raised the debt one thin dime but in fact Obama Care will add almost 2 trillion to the debt in 10 years, Obama said you will not lose your healthcare but over 5 million did, Obama said you will not lose your doctor but million did, Obama said your healthcare cost will go down $2500.00 a year but mine went up, Obama was named LIAR of the year by PolitiFact and owns 3 of the top 10 LIES of the year all over Obama Care. Obama Care was never about Healthcare it was about REDISTRIBUTION of wealth and CONTROL only. Obama just spiked the ball over 8 Million sign ups but gave no numbers to prove success and lied about the numbers he did give, lie number 2287. Obama, if you keep LYING Americans will keep calling you a LIAR. Now 6 out of every 10 voters call you a LIAR.

April 19 2014 at 11:19 PM
2 replies to HIGHPOWER's comment

Don't forget it came out much later that there is in fact a loophole that allows insurance companies to raise their premiums. Along with that my insurance has been raising copays on my medications. Already it's costing me more money. People didn't stop and think about just where the money is coming from that will subsidize insurance companies to make their premiums low. I know the goodhearted folks in Washington DC isn't going to take the money out of their own pocket for that. The very things I tried to tell people years ago when this started up is coming to pass, yet there is a good many that are so deluded they will cause of a liar or mentally ill or whatever.

April 20 2014 at 12:14 AM

Your numbers are Fox News lies. The affordable care act actually lowers the debt and provides the sick and poor and military vets with coverage. ALL of your cliches like redistribution and control are crazy talk. Do you even know how the ACA works? No you don't. It's like car insurance. The more that sign up, the more that companies can lower their rates. Stop believing everything the Koch brothers and Fox News tells you. They are lying to you so they don't have to pay their employees or cover them and so they can get politicians to promote their agendas in office. If YOUR insurance went up, go on the site and get a better plan. You are a rare case. That doesn't mean it doesn't work. NO plan is perfect. BEFORE this plan freeloaders went to the ER and got free treatment and drove your costs up too. Sorry.

April 20 2014 at 2:06 AM (+2)