Is a simple random+hmac session cookie breakable?

I make statelessly-authenticated session cookies with hmac_sha256(random_string(16 bytes), static_secret) where random_string() is a simple PRNG seeded on the server’s timestamp at start-up, not a CSPRNG. Is this breakable? If so, how?