Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO

Hackers accessed Change Healthcare's systems using stolen credentials and without multifactor authentication (MFA), as disclosed by UnitedHealth Group CEO Andrew Witty. The breach, which occurred in February, involved a ransomware attack and significant data theft, affecting a large portion of U.S. health data. The absence of MFA and the methods used by the hackers, including lateral movement and data exfiltration, are under investigation. UnitedHealth confirmed a ransom was paid to the attackers, who caused over $870 million in damages.