14 DAY TRIAL // Customers of HealthCare.gov, the United States’ health insurance marketplace, are being asked to change their passwords. The website was vulnerable to Heartbleed attacks.
There’s no evidence that cybercriminals have targeted HealthCare.gov, but they could have, which is why customers are advised to change their passwords.
“This means the next time you visit the website, you’ll need to create a new password. We strongly recommend you create a unique password – not one that you’ve already used on other websites,” reads the advisory posted on the website.
The passwords should be changed by using the Forgot Password feature on the website. Customers should beware of shady password reset notification emails or other Heartbleed-themed emails that purport to come from HealthCare.gov.
Since the marketplace was launched last fall, experts have often warned that it contained security holes that could have been leveraged by hackers.
The Heartbleed bug is said to have affected two-thirds of the websites using SSL. Some of the impacted organizations have rushed to patch their systems, but others have taken their time, giving cybercriminals the opportunity to strike.
As I mentioned in an editorial published last week, the time it took an organization to patch its OpenSSL installation says a lot about how much it cares about security. Unfortunately, there still are some companies that haven’t fixed the vulnerability, and experts believe that it will take months until all systems are patched.