Menu
Browse

Cyber Threat Actor: PPOC Threat Actor

Actor Type Location Known Incidents
 Icon
Criminal
United States of America
1 incident
Profile

The threat actor known as PPOCThreat Actor has been publicly identified with an alias that references its observed activity and is associated with the United States of America as its known location. To date, the only publicly reported activity linked to this actor is a malware incident that occurred on February 11 2020, targeting a pediatric physicians’ organization affiliated with a major children’s hospital. This incident represents the sole basis for any factual statements about the actor’s behavior, capabilities, or focus.

In the February 2020 event, the actor deployed malware that disrupted the medical record systems of the pediatric physicians’ organization, affecting more than five hundred primary care providers across its network. The disruption was confined to the organization’s distinct IT infrastructure, which was quarantined to prevent further spread, while the parent hospital’s operations remained uninterrupted. As a result of the system outages, several clinics advised patients to reschedule routine appointments and delay non‑urgent visits for minor symptoms, although officials confirmed that the containment measures stopped any additional damage. The attack’s primary observable effect was the interruption of healthcare service delivery, indicating a disruptive objective rather than data theft or financial gain.

The actor’s tactics, as evidenced by this incident, involve the use of malware to compromise and impair IT systems, though specific malware families, initial access vectors, or tooling styles have not been disclosed in public reporting. No further campaigns, affiliations, state connections, or consortium ties have been attributed to PPOC Threat Actor based on available sources. Consequently, the profile is limited to the confirmed facts of the single reported malware attack on a healthcare provider in the United States.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources