Top and Current
Source : (remove) : Albany Times-Union
RSSJSONXMLCSV
Top and Current
Source : (remove) : Albany Times-Union
RSSJSONXMLCSV

Missouri DOC Faces Critical Cybersecurity Risks

Jefferson City, MO - February 2nd, 2026 - A scathing audit released Friday by Missouri State Auditor Scott Fitzpatrick has revealed critical cybersecurity vulnerabilities within the Missouri Department of Corrections (DOC), potentially jeopardizing the safety of correctional facilities, the security of sensitive inmate and staff data, and, alarmingly, the state's overall independence. The report, titled "Cybersecurity Risks within the Missouri Department of Corrections," details a systemic failure to implement adequate security protocols, a concerning lack of oversight, and poorly managed access privileges for third-party vendors - creating a perfect storm for potential cyberattacks.

The auditor's findings come at a particularly precarious time. 2025 saw a dramatic surge in ransomware attacks targeting critical infrastructure across the nation, with several states experiencing disruptions to essential services. Experts warn that state correctional facilities, increasingly reliant on digital systems for everything from inmate management and surveillance to healthcare records and communication, are becoming prime targets for malicious actors. A successful breach of the Missouri DOC could not only compromise the safety and well-being of those within its facilities but also offer a gateway to other state systems.

"The Department of Corrections is fundamentally responsible for protecting both physical safety and the sensitive information entrusted to its care," Auditor Fitzpatrick stated in a press conference Monday morning. "This isn't just about preventing data theft. A compromised correctional system could lead to escape attempts, disruptions in vital services like medical care, and even direct threats to public safety. The lack of robust cybersecurity is a significant threat to the integrity of the entire state."

The audit identifies three key areas of concern. Firstly, the DOC's existing security measures are demonstrably insufficient to repel modern cyber threats. The report points to outdated software, a lack of multi-factor authentication across critical systems, and inadequate intrusion detection and prevention capabilities. The DOC appears to be operating with a cybersecurity posture more akin to a decade ago, rather than addressing the evolving threat landscape.

Secondly, the audit found a severe lack of oversight regarding cybersecurity practices. There's a notable absence of dedicated cybersecurity personnel with the authority to enforce security policies and conduct regular vulnerability assessments. Responsibilities are fragmented and appear to fall through the cracks, creating a situation where potential risks are not identified or addressed in a timely manner. This suggests a deeper systemic issue with prioritization of cybersecurity within the DOC's leadership structure.

Perhaps most concerning is the department's over-reliance on third-party vendors. While outsourcing certain functions is common, the report highlights that the DOC has not adequately vetted these vendors' security practices nor implemented sufficient controls to limit their access to sensitive data. This creates numerous potential entry points for attackers, who could exploit vulnerabilities in a vendor's systems to gain access to the DOC's network. Investigations into recent cyberattacks on other state agencies have repeatedly demonstrated the risks inherent in vendor relationships, particularly when proper due diligence is lacking.

The report offers a series of recommendations, including immediate investment in updated security technology, the establishment of a dedicated cybersecurity team, and a comprehensive review of vendor access policies. However, simply implementing these fixes will not be enough. The Auditor's office stresses the need for a cultural shift within the DOC, prioritizing cybersecurity as an integral part of its overall mission.

Lawmakers are now under pressure to address these findings. Senator Emily Carter, chair of the Senate Cybersecurity Committee, has already announced plans to hold hearings on the matter. "This report is a wake-up call," Carter said. "We need to ensure that the DOC has the resources and expertise necessary to protect our correctional facilities and the data they hold. The safety of our citizens and the integrity of our state are at stake."

The Missouri DOC has released a statement acknowledging the findings and pledging to work with the Auditor's office and the legislature to address the identified vulnerabilities. However, critics argue that the department has consistently underfunded cybersecurity initiatives in the past and question whether it will truly prioritize these improvements. The coming months will be critical in determining whether Missouri is willing to invest in protecting its correctional system - and, by extension, its independence - from the growing threat of cyberattacks.


Read the Full Albany Times-Union Article at:
[ https://www.yahoo.com/news/articles/state-ig-warns-threats-independence-210836293.html ]