Source (skipped ahead to the right timestamp):
https://www.youtube.com/watch?v=zzvx3L3DQb8&t=248

Direct link to the full conversation: https://gemini.google.com/share/6d141b742a13

Archive link: https://archive.is/eiLQy

Source (from the posted article):

During a House hearing into the cyberattack in April, UnitedHealth’s CEO Witty confirmed that the cybercriminals broke into one of its employee systems using stolen credentials that were not protected with multi-factor authentication (MFA), a security feature that can help to protect against the misuse of password theft.