Plesko said that in one instance, two 1's were appended to the end of a database query to make it crash. In another case, a print-server directory was deleted from the system.

Hospital Hack

The hacker subsequently appears to have used the backdoor access to set up or modify user accounts to also allow conventional access to Webchart, said Benjamin Kessler, a senior network consultant at Midwest Network Services Group LLC, a network infrastructure and security consulting firm in Fort Wayne that helped the clinic investigate the incident.

According to Kessler, an analysis of system and firewall logs showed that the person accessing the Webchart system came in via a proxy server at a local hospital. The systems at ONE were connected to the hospital's network via a virtual private network.

The hospital's logs showed that the proxy server had been accessed from a Windows Server 2003 system at another clinic, Kessler said. That system, in turn, appeared to have been accessed from within MIE's network, he added. Tracing the alleged route taken by the intruder "required quite a lot of coordination work with the other entities that had been abused along the way," Kessler said. MIE and triPractix are rivals in the Indiana health care IT market.