U.S. Intelligence, HHS Fail to Locate Foreign Malware Inside Obamacare Networks

U.S. intelligence agencies and the Department of Health and Human Services investigated the software used by Obamacare computer networks but did not discover malicious code from Belarus, the HHS’ top information official said on Monday.

“Yes we have done a thorough review and we have worked with the intelligence community on that,” said Kevin Charest, HHS chief information security officer.

Charest, speaking to reporters following a recent cyber attack drill held by HHS and several healthcare companies, also said the department has urged the millions of new subscribers to Obamacare to change passwords to avoid losing personal data to the Heartbleed security software vulnerability.

There are no indications so far that Heartbleed has been used by hackers to steal encrypted data, Charest said.

The Heartbleed vulnerability was discovered earlier this month as a flaw in encryption software called OpenSSL. Healthcare.gov networks could be affected by the bug because some elements use the content delivery network operated by Akamai Technologies, Inc., which uses OpenSSL.

As a result, “we’ve put in new encryption keys, we’ve invalidated passwords and are now forcing folks to come in and reset their passwords,” Charest said.