The online application of Reginald Wright stalls as he attempts to sign up for health-care insurance on Healthcare.gov at the Atlanta Medical Center South Campus, Monday, March 31, 2014, in Atlanta. After the massive online-security vulnerability known as Heartbleed was discovered earlier this month, Healthcare.gov officials said customers of the new medical-coverage site had nothing to fear.
Now, however, the site is is singing a different tune: Users who visit the Healthcare.gov homepage are presented with a message reading: "Reset your password to access your Marketplace account."
That's right, users can't even log in to Healthcare.gov without changing their passwords first. But the site said this is simply a precautionary measure.
"While there's no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers' passwords out of an abundance of caution," reads a notice posted on the site. "We strongly recommend you create a unique password -– not one that you've already used on other websites."
That's an about-face from what Healthcare.gov told Mashable on April 10, shortly after Heartbleed was discovered.
"Due to CMS's security protections, Healthcare.gov consumer accounts are not affected by this vulnerability," a spokesperson said via email at the time. "Additionally, other CMS consumer accounts, including MyMedicare.gov, were not affected by this vulnerability." (CMS refers to the Centers for Medicare and Medicaid Services, which oversees Healthcare.gov.)
Other than the "abundance of caution" referenced on Healthcare.gov itself, officials did not immediately respond to Mashable's request for additional details explaining its change of course.
Lorenzo Franceschi-Bicchierai contributed to this report.
Have something to add to this story? Share it in the comments.
Source : http://mashable.com/2014/04/19/healthcare-gov-heartbleed-passwords/
