Of course it is at risk.
Check it out:
Users of the federal heath care exchange site have been advised to change their passwords this weekend after the Obama administration reviewed the government’s vulnerability to the Heartbleed Internet security bug.
Senior administration officials told the Associated Press that there was no indication that the HealthCare.gov site had been compromised and the action is being taken out of an abundance of caution. The government’s Heartbleed review is ongoing, the officials said, and users of other websites may also be told to change their passwords in the coming days, including those with accounts on the popular WhiteHouse.gov petitions page.