NEW YORK (Reuters) — Americans with
accounts on President Barack Obama's health insurance enrollment
website, HealthCare.gov, were advised that their passwords had been
reset to guard against the "Heartbleed" bug, in a message posted on the
site on Saturday.
The warning marks the latest fallout from the widespread security
bug, which surfaced this month and allows hackers to steal data
online without a trace. Companies from Amazon.com Inc to Google Inc.
have been forced to take steps to protect against Heartbleed.
A message on HealthCare.gov said users who visited the website would
need to create a new password to access their accounts.
"While there's no indication that any personal information has ever
been at risk, we have taken steps to address Heartbleed issues and
reset consumers' passwords out of an abundance of caution," said the
message posted on Saturday.
The Heartbleed security flaw is a "catastrophic bug" believed to
affect two out of every three Web servers, according to the
Electronic Freedom Foundation.
HealthCare.gov, a health insurance exchange for the 36 states that
opted out of creating their own state insurance exchanges, was
created under Obama's signature health care law, the 2010 Patient
Protection and Affordable Care Act.
The website's launch last fall was dogged by complaints that many
users could not access the site to buy insurance or research
healthcare plan options. Most of the website's most prominent flaws
were eventually remedied.
Obama on Thursday announced in the White House briefing room that 8
million people had signed up by the latest enrollment deadline of
April 15. The program's original goal was 7 million signups by the
end of March, which was met.
Republicans have been relentless in their criticism of the
healthcare law ahead of November's congressional elections, when the
GOP hopes to reclaim control of the U.S. Senate and strengthen its
majority in the House of Representatives.
Critics of Obama's health initiative have suggested HealthCare.gov
might be vulnerable to security flaws.
The Heartbleed bug exploits a glitch in a widely used Web encryption
program known as OpenSSL.
It has not affected only corporations.
Canada's tax-collection agency said this month that the private
information of hundreds of people had been compromised as hackers
exploited the Heartbleed bug.
(Editing by Alex Dobuzinskis; editing by Clarence Fernandez)