The Health Service Executive will need to spend almost €657 million over seven years to implement cyber security improvements following last year's cyber attack.

The figures are contained in the latest report of the State's spending watchdog, the Comptroller and Auditor General.

The C&AG states that the financial cost of the cyber attack has been significant, but that the full cost and its long-term impact on patient care have not yet been determined.

The HSE has previously said that the immediate costs associated with the cyber attack could be around €100m, but that long term costs could rise to half a billion euro.

The C&AG report states that the HSE has incurred legal costs of €2.6m since the cyber attack, which included securing a High Court order to prevent the sharing of stolen data.

The HSE says that no legal actions have been taken against it to date by individual patients but as of last month patients, clients and staff whose personal information was stolen as part of the cyber attack had yet to be informed.

In its report, the C&AG is recommending that the HSE should prioritise its engagement with the relevant stakeholders so that all those impacted are fully informed of the extent of their personal data stolen as part of the attack.

In its response, the HSE said that a notification process is under way which has been notified to the Data Protection Commissioner.