"Two-Factor Authentication Was Not Used"

The CEO of UHG created more liability than I can imagine in his congressional testimony

The CEO of healthcare testified in front of Congress today. I'm sorry, that's United healthcare. But he might as well be the CEO of healthcare. Change healthcare was Cyber attacked. And, as I predicted, the entire company had to be scrapped.

In front of Congress, Mr. Witty testify that they rebuilt Change from scratch. To be incredibly clear about this? We are talking about the liquidation in one cyber attack of billions of dollars of value.

That sounds like a lot of money. It's not to UnitedHealth Group.

The reason they had to rebuild change from scratch? Cyber attackers use a Citrix portal with no requirement for two factor authentication to access the entire infrastructure behind healthcare payments, pharmacy switches, radiology imaging systems, benefits verification, and so many more functions.

They had a policy to require two factor authentication. In practice, they didn't require two factor authentication.

They violated their own policies around the protection of health …