The US Government has required MFA for decades
Executive Order 13681 back in 2014 "Improving the Security of Consumer Financial Transactions" made MFA required for access to digital applications containing personal information.
NIST published SP 800-63-3 in 2017 and MFA was required to access to any personal information. They recommend phishing resistant MFA and require it for the most sensitive data.
In 2021 EO 14028 "Improving the Nation’s Cybersecurity" required All US government agencies required to implement MFA.
Then in 2022 we moved to a ZTA philosophy OMB M-22-09 and MFA now required throughout the federal enterprise.
But now insurance demands it, so you need it too.