Just over 32,000 notification letters have been issued to people who had their data stolen in the cyber attack on the Health Service Executive (HSE) in May 2021.

In total, more than 100,000 notifications are due to be issued by April.

Of those who have been informed, 220 people have requested further information through a facility on the HSE website.

The HSE was targeted by a major ransomware attack in May 2021 that caused widespread disruption and saw information held on computer systems illegally accessed and copied.

The Dáil's Public Accounts Committee (PAC) today examined the financial impact of the cyber attack with officials from the Department of Health and HSE.

The committee heard that the immediate response cost the Department of Health €1 million and cost the HSE €53m.

The HSE has previously said that the immediate costs associated with the cyber attack could be around €100m but that long-term costs could rise to €500m.

In September last year, a report from the State's spending watchdog, the Comptroller and Auditor General (C&AG) outlined that the HSE will need to spend almost €657m over seven years to implement cyber security improvements following the breach.

At today's committee hearing, Fine Gael TD Alan Dillon asked if any of the people whose data had been stolen had taken legal action against the State.

"We haven't received any prelitigation action letters yet," replied Derek Tierney, Assistant Secretary, Department of Health.

"There are six cases before the EU Court of Justice pending on this issue of cyber attack liability in the context of criminal attack, criminal motivation and the quantum of any costs apportioned, so there will be a period of time to see how the European Court rules in the matter," Mr Tierney said.

Mr Dillon asked the HSE about IT weaknesses at Dublin's Beaumont Hospital.

"One of the oxymorons of cyber is that the system is so old in actual fact that the chance of a cyber attack is quite limited, because it is on technology that is not normally cyber-attacked and the other technology that sits in front of that is relatively modern," Fran Thompson, HSE Chief Information Officer replied.

Mr Thompson said, that when it comes to cybersecurity, there is a "real arms race between the attackers on one side and the defenders on the other".

He said that the HSE received around 40,000 notifications of cyber attacks last year and that while some are benign, they have to be followed up and, where necessary, actions were taken.