HealthCare.gov Passwords To Be Reset in Wake of ‘Heartbleed’ Bug

April 21, 2014 in News

Federal officials are instructing HealthCare.gov account holders to reset their passwords, following an administration-wide review of the government’s vulnerability to the destructive “Heartbleed” computer bug, Reuters reports (Francescani, Reuters, 4/19).

About the Bug

The computer bug — recently discovered by a Google engineer and another security team — infiltrates systems through a Web encryption program known as OpenSSL, which is used by hundreds of thousands of websites including Amazon and Google. Experts say that hackers potentially could use the program to get sensitive information from:

  • Email servers;
  • Laptops;
  • Mobile phones; and
  • Security firewalls (iHealthBeat, 4/14).

HealthCare.gov Vulnerabilities

In a statement, senior government officials said HealthCare.gov users are being advised to change their login information “out of an abundance of caution,” given the heavy traffic and sensitive user information hosted on the health care website (Pace, AP/Sacramento Bee, 4/20).

According to PC Magazine, users will be prompted to select a new password the next time they attempt to log in (Murphy, PC Magazine, 4/20). 

Officials said there is no indication that any personal data on HealthCare.gov have been compromised.

The security of HealthCare.gov and the state-based exchange websites has been a point of contention after they experienced widespread glitches when they launched last fall. Critics have honed in on potential security risks, given that they hold large amounts of sensitive data.

The Department of Homeland Security is leading the review of potential government vulnerabilities. In a blog post, Phyllis Schneck, DHS deputy undersecretary for cybersecurity and communications, wrote that DHS will “continue to focus on this issue until government agencies have mitigated the vulnerability in their systems.”

Schneck added that DHS “will continue to adapt our response if we learn about additional issues created by the vulnerability” (AP/Modern Healthcare, 4/19).

Heartbleed Bug Unlocks Secure Data in Nine Hours

In related news, hackers participating in a crowdsourcing challenge were able to use the Heartbleed encryption bug to unlock secure data in just nine hours, Modern Healthcare reports.

The challenge — which was created by Cloudflare, a San Francisco-based company that offers computer network and security services — aimed to demonstrate how dangerous the encryption bug is.

Overall, Cloudflare reported four different “winners.”

In a blog post, the company wrote, “This result reminds us not to underestimate the power of the crowd and emphasizes the danger posed by this vulnerability” (Conn, Modern Healthcare, 4/14).

Be the first to like.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Article source: http://feedproxy.google.com/~r/Ihealthbeat/~3/3MqEAaVK-Do/healthcaregov-passwords-to-be-reset-in-wake-of-heartbleed-bug

Be Sociable, Share!
Bookmark and Share

Leave a reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>