https://www.bleepingcomputer.com/news/security/change-healthcare-hacked-using-stolen-citrix-account-with-no-mfa/

UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled.

This was revealed in UnitedHealth CEO Andrew Witty's written testimony published ahead of a House Energy and Commerce subcommittee hearing scheduled for tomorrow.