After a review of government websites in the wake of the disclosure of the Heartbleed bug, HealthCare.gov has reset user passwords and encouraged users to change their passwords the next time they log on, according to a statement on the site.
“While there's no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers' passwords out of an abundance of caution,” the statement said. “This means the next time you visit the website, you'll need to create a new password.”
Users are urged to “create a unique password – not one that you've already used on other websites.”
The private and public sectors have scrambled to patch sites that might be affected by the Open SSL flaw, which lets attackers steal the private cryptgraphic key of any secure server.