Obamacare Website Vulnerable to Heartbleed Security Flaw

Saturday, 19 Apr 2014 07:29 AM

 

Share:
  Comment  |
   Contact Us  |
  Print  
|  A   A  
  Copy Shortlink

People who have accounts on the enrollment website for President Barack Obama's signature healthcare law are being told to change their passwords following an administration-wide review of the government's vulnerability to the confounding Heartbleed Internet security flaw.

Senior administration officials said there is no indication that the HealthCare.gov site has been compromised and the action is being taken out of an abundance of caution. The government's Heartbleed review is ongoing, the officials said, and users of other websites may also be told to change their passwords in the coming days, including those with accounts on the popular WhiteHouse.gov petitions page.

The Heartbleed programming flaw has caused major security concerns across the Internet and affected a widely used encryption technology that was designed to protect online accounts. Major Internet services have been working to insulate themselves against the problem and are also recommending that users change their website passwords.

Officials said the administration was prioritizing its analysis of websites with heavy traffic and the most sensitive user information. A message that will be posted on the healthcare website starting Saturday reads: "While there's no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers' passwords out of an abundance of caution."

The healthcare website became a prime target for critics of the Obamacare law last fall when the opening of the insurance enrollment period revealed widespread flaws in the online system. Critics have also raised concerns about potential security vulnerabilities on a site where users input large amounts of personal data.

The website troubles were largely fixed during the second month of enrollment and sign-ups ultimately surpassed initial expectations. Obama announced this week that about 8 million people had enrolled in the insurance plans.

The full extent of the damage caused by the Heartbleed is unknown. The security hole exists on a vast number of the Internet's Web servers and went undetected for more than two years. Although it's conceivable that the flaw was never discovered by hackers, it's difficult to tell.

The White House has said the federal government was not aware of the Heartbleed vulnerability until it was made public in a private sector cybersecurity report earlier this month. The federal government relies on the encryption technology that is impacted — OpenSSL — to protect the privacy of users of government websites and other online services.

The Homeland Security Department has been leading the review of the government's potential vulnerabilities. The Internal Revenue Service, a widely used website with massive amounts of personal data on Americans, has already said it was not impacted by Heartbleed.

"We will continue to focus on this issue until government agencies have mitigated the vulnerability in their systems," Phyllis Schneck, DHS deputy undersecretary for cybersecurity and communications, wrote in a blog post on the agenda website. "And we will continue to adapt our response if we learn about additional issues created by the vulnerability."

Officials wouldn't say how government websites they expect to flag as part of the Heartbleed security review, but said it's likely to be a limited number. The officials insisted on anonymity because they were not authorized to discuss the security review by name.


© Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Share:
  Comment  |
   Contact Us  |
  Print  
  Copy Shortlink
Around the Web
Join the Newsmax Community
Please review Community Guidelines before posting a comment.
>> Register to share your comments with the community.
>> Login if you are already a member.
blog comments powered by Disqus
 
Email:
Retype Email:
Country
Zip Code:
 
Hot Topics
Follow Newsmax
Like us
on Facebook
Follow us
on Twitter
Add us
on Google Plus
Around the Web
You May Also Like

Cornyn: House to Pass 'Skinnied Down' Bill to Aid Border Crisis

Monday, 28 Jul 2014 07:14 AM

House Republicans intend to pass skinnied down emergency funding legislation this week before the August recess to add . . .

Justice Department Seeks to Protect Files of Anti-Iran Group

Monday, 28 Jul 2014 07:06 AM

A federal lawsuit by Greek shipping magnate Victor Restis is on pause while the Justice Department tries to prevent him  . . .

Israel Resumes Strikes in Gaza as UN Calls for Ceasefire

Monday, 28 Jul 2014 06:22 AM

A relative lull descended on the war-torn Gaza Strip at the start of a major Muslim holiday on Monday, as international  . . .

Most Commented

Newsmax, Moneynews, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, NewsmaxWorld, NewsmaxHealth, are trademarks of Newsmax Media, Inc.

 
NEWSMAX.COM
America's News Page
©  Newsmax Media, Inc.
All Rights Reserved