Change Healthcare cyberattack was due to a lack of multifactor authentication, UnitedHealth CEO says

The beginning of the Change Healthcare cyberattack happened when hackers entered a server that lacked multifactor authentication. That's according to UnitedHealth CEO Andrew Witty. He told U.S. senators in a hearing on Wednesday that his company was still trying to understand why the server did not have the additional protection that guards against hackers guessing passwords. Witty also says hackers gained access to Change Healthcare in February and unleashed a ransomware attack that encrypted and froze large parts of the company’s system. The attack disrupted payment and claims processing around the country.