Preventative Treatment For Heartbleed On Healthcare.gov

As the San Francisco Chronicle reports, "People who have accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the confounding Heartbleed Internet security flaw." Take note, though; the article goes on to immediately point out this does not mean that the HealthCare.gov site has been compromised: "Senior administration officials said there is no indication that the HealthCare.gov site has been compromised and the action is being taken out of an abundance of caution. The government's Heartbleed review is ongoing, the officials said, and users of other websites may also be told to change their passwords in the coming days, including those with accounts on the popular WhiteHouse.gov petitions page." Also at The Verge

Re:"no indication ... site has been compromised"

[davidhoude]

Due to the fact that this exploit leaves no traces in server log files, we have concluded that there is no evidence of an attack on our servers.

This does not seem to be news

[SuperKendall]

I have no love for Healthcare.gov, but honestly just about every site is sending out notices that people may want to change passwords. Heck, Yahoo *made* me change my password.

Like everyone else they don't know if anything was taken. And frankly, Heatbleed is probably the least of the security issues Healthcare.gov has... I'd be way more worried about backbend systems, and then it doesn't matter what your password is.