The Canada Revenue Agency says the security risk has been addressed, but added it will not apply interest or penalties to individual taxpayers filing their 2013 tax returns after April 30 for a period equal to the length of the service interruption.
The CRA has apologized to Canadians for the delay and inconvenience, but added it was necessary to ensure the agency's online services were safe and secure.
Service has also been restored to all publicly accessible Government of Canada websites, the Treasury Board said in a release.
The Heartbleed bug is caused by a flaw in OpenSSL software, which is commonly used on the Internet to provide security and privacy.
The bug is affecting many global IT systems in both private and public sector organizations and has the potential to expose private data.