How the Attack Occurred

When Optum acquired Change Healthcare, it neglected to double-check the security measures that were already in place. While Optum was working to incorporate Change Healthcare's systems into its environment, attackers discovered that the Citrix portal (an application used to provide remote desktop access) lacked Multi-Factor Authentication. Using stolen credentials, the hackers were able to gain initial access.

“Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data. Ransomware was deployed nine days later.”