Healthcare.gov users have been urged to change their passwords while the Department of Homeland Security carries out a review into the Heartbleed bug.
Senior administration officials say there is no indication that Heartbleed was exploited on the Obamacare website, but that enrollees are asked to change their passwords out of an abundance of caution, The Associated Press reported.
“[We] have taken steps to address Heartbleed issues and reset consumers’ passwords out of an abundance of caution,” said a post on the White House website.
President Barack Obama announced this week that about 8 million people have enrolled in the Affordable Care Act marketplace.
Officials did not explain which government website were flagged for review but said users who have signed petitions on WhiteHouse.gov may also be asked to change passwords in the coming week.
The IRS already announced that it has not been affected by Heartbleed.
"We will continue to focus on this issue until government agencies have mitigated the vulnerability in their systems," said Phyllis Schneck, DHS deputy undersecretary for cybersecurity and communications. "And we will continue to adapt our response if we learn about additional issues created by the vulnerability."