A new state report says your personal information held by some state agencies is at risk for cyber attacks.

"They can hack into anything nowadays," said Wichitan Michael Wayne Cook. "There's nothing that they can't hack into."

The audit of the state's online security says the problem is that each agency develops it's own security protocols.

         *Performance Audit Report: State Agency Information Systems

According to the report released Tuesday 95 percent of state databases contain your personal information, half of them have your medical information. While for security reasons the report doesn't say which agencies have problems, it does say several put your information at risk.

Cook spent Tuesday evening with his kids enjoying a summer night, not thinking about the safety of his personal data. Like many, he uses online systems to make payments, especially to the state of Kansas.

"Because you don't have to go out. You can do it at home, at work, in your car, with the way computers are nowadays," Cook said.

But he's not so sure it's as safe as he'd like.

"It just seems like any information you put on a computer, if somebody knew good enough how to do it they could get it right off of it," Cook said.

The state's Post Auditor says Cook's right.

"There are some agencies that do a fabulous job of that. They make it a priority," said Scott Frank, Kansas Post Auditor. "And they do a great job. But then we've also seen a lot of agencies that do a very poor job."

The problem is the lack of a statewide security program. Each state agency has its own IT security plan.

"How are we going to use the limited resources that we have and make those most effective? And right now those resources go to the agencies that, basically, the ones that care the most about it," said Frank. "Those may or may not be the agencies that are most important for the state to protect."

"Currently, right now, it's a puzzle," said state Senator from Wichita, Michael O'Donnell, Republican. "What we need in Kansas is a complete overhaul and a streamlined process that every agency is going to follow."

It's up to lawmakers like O'Donnell to fix the problems. He's on the Legislative Post Audit Committee tasked with making suggestions to the legislature and various agencies on how to improve their security. That starts with each agency getting an independent evaluation of it's security protocols by December of next year.
But that could cost the state extra money.

"The state's already spending so much money as it is," said Cook. "I don't know if it would be good for us, bad for us or just going to spend more money and hit us up for it."

One contributing factor to the problem is a lack of IT professionals in Kansas. Several departmental IT positions at the state level are empty right now. The Post Auditor says Kansas will have a hard time attracting enough qualified professionals to fill those positions because of what it pays.