UnitedHealth Group experienced a significant cybersecurity breach, primarily attributed to hackers exploiting vulnerabilities in Citrix software and using stolen credentials to access the Change Healthcare systems. The breach, which occurred on February 12, was facilitated by the absence of multifactor authentication (MFA), a critical security measure. UnitedHealth CEO Andrew Witty disclosed these details during a congressional testimony and in various statements. The cyberattack, which involved a ransomware attack and allowed hackers to lurk in the network for nine days, had severe repercussions, including forcing some healthcare providers to use personal savings to maintain operations due to disrupted payments.