The warning marks the latest fallout from the widespread security bug, which surfaced this month and allows hackers to steal data online without a trace. Companies from Amazon.com Inc to Google Inc. have been forced to take steps to protect against Heartbleed.
A message on HealthCare.gov said users who visited the website would need to create a new password to access their accounts.
"While there's no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers' passwords out of an abundance of caution," said the message posted on Saturday.
The Heartbleed security flaw is a "catastrophic bug" believed to affect two out of every three Web servers, according to the Electronic Freedom Foundation.
HealthCare.gov, a health insurance exchange for the 36 states that opted out of creating their own state insurance exchanges, was created under Obama's signature health care law, the 2010 Patient Protection and Affordable Care Act.
The website's launch last fall was dogged by complaints that many users could not access the site to buy insurance or research healthcare plan options. Most of the website's most prominent flaws were eventually remedied.
Obama on Thursday announced in the White House briefing room that 8 million people had signed up by the latest enrollment deadline of April 15. The program's original goal was 7 million signups by the end of March, which was met.
Republicans have been relentless in their criticism of the healthcare law ahead of November's congressional elections, when the GOP hopes to reclaim control of the U.S. Senate and strengthen its majority in the House of Representatives.
Critics of Obama's health initiative have suggested HealthCare.gov might be vulnerable to security flaws.
The Heartbleed bug exploits a glitch in a widely used Web encryption program known as OpenSSL.
It has not affected only corporations.
Canada's tax-collection agency said this month that the private information of hundreds of people had been compromised as hackers exploited the Heartbleed bug.