UnitedHealth CEO Andrew Witty will tell US lawmakers Wednesday the cybercriminals who hit Change Healthcare with ransomware used stolen credentials to remotely access a Citrix portal that didn’t have multi-factor authentication enabled. Once they were into that management system, the miscreants were able to move through the network to steal people’s sensitive data and deploy extortionware.
Source: The Register