Hacked into

Someone has hacked into our Linux RedHat 7 system and luckily has only changed the index files (that I can see right now) for the websites. How can I check who and how it was done. How can I prevent this. I have applied all patches that I know off.

Thanks