Was Healthcare.gov Compromised by Heartbleed?

We might as well start here – if you’re concerned about Heartbleed, change all of your passwords, everywhere. It’s not a specific website/service problem, it’s an Internet problem. That said, you can now add Healthcare.gov to the long, long list of sites that have officially asked their users to change their passwords.

The ironic part is that the vulnerability was in OpenSSL – the code that was specifically made to make websites more secure, offering better authentication. Healthcare.gov, the government’s marketplace for private health insurance plans brought into existence by the Patient Protection and Affordable Care Act (better known as Obamacare), is one such site that used OpenSSL. So, the government is offering up essentially the same warning that every site that used OpenSSL has offered since the Heartbleed news broke – there’s no evidence that there have been any security breaches, but you should take precautions just in case.

It’s the latest part of the peculiar Heartbleed saga – I don’t know if there’s ever been more media panic wrought without any specific security breach that anyone can point to. But, as Healthcare.gov and so many others rightly point out, we don’t know what we don’t know. So, change those passwords if you’re a Healthcare.gov user – it’s good practice to regularly change them, anyway. Unpredictable things like Heartbleed are probably why that little nugget of advice has always stuck with us.

Via NY Daily News