Heartbleed, the gaping flaw that left the internet's security gate wide open for more than two years, is causing headaches for yet another site: the beleagured Healthcare.gov. The government says the site has not been compromised, but officials have reset all user passwords "out of an abundance of caution." Heartbleed's not done causing heartburn yet.
Officials maintain that, if you've got personal info on the government's health insurance exchange website, your data is safe. "HealthCare.gov uses many layers of protections to secure your information," the organization says. "While there's no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers' passwords out of an abundance of caution." Meaning that if you've got a HealthCare.gov username, you'll have to reset your password next time you log in.
AP reports that the Department of Homeland Security is taking the lead in evaluating which government websites may be at risk—particularly those that rely on the compromised OpenSSL encryption that Heartbleed affects. So far, the IRS reports that it is unaffected, though the AP says other government sites like WhiteHouse.gov may ask users to change their passwords soon.
As if you needed any further reminders, go ahead and change your passwords for any sites that may be Heartbleed-vulnerable. And for Pete's sake, make it a good password. [HealthCare.gov via AP]