Whilst I've never had a system "actively" hacked, in my first company I worked for we had the misfortune of picking up a virus (via a personal flash drive which a silly engineer had infected on their home computer and then used on a SCADA terminal). It spread rapidly across our networked machines, causing one to crash repeatedly every couple of hours.
Whilst no PLCs were affected, plant operation was. The operators were not receiving alarms from remote sites and were unable to adjust control parameters as the virus was hogging all system resources and causing the SCADA software to crash. It caused major mayhem and necessitated a 4 hour drive in the middle of the night for me to go and hunt the virus down, reinstall Windows and then isolate segments of the network to prevent re-infection.
Needless to say it was a big wake up call for us. We had sites all over the country that were networked together, and when we started evaluating the state of things after this incident we found plenty of problems:
a) Out-dated or no anti-virus installed.
b) un-passworded network shared drives.
c) SCADA machines typically running old, unpatched Windows XP.
d) firewalls not well set up or disabled.
e) No company security policy for SCADA Machines (the IT guys avoided any SCADA computers like the plague).
f) No active monitoring on our (the 3 control systems guys) part when it came to sites we weren't physically based at.
We had a few important business rule changes after that.
There is a bit of ignorance and arrogance among some control systems guys who think their job is so hard that no one else could do it. While you might have to be a good PLC programmer to make a plant work well, as shawn_75 said it's pretty easy to wreck things without a lot of knowledge.
I've helped out a few clients who have had their control guy leave / contractor be difficult, and it's actually a lot easier than you would think to poke around a network and figure out what's what, just with a Windows command prompt, Ping and a couple of port sniffing tools.
Control system security is something that definitely needs to be taken more seriously these days. the trick is to get a balance between security and usability. If it's locked so tight and no one has the keys to do anything, you might as well just unplug your SCADA Computer from the network anyway. I think that all control systems people should at least have a basic working knowledge of network security, keep themselves up to date on Operating System vulnerabilities and patches, and implement regular checks to ensure things are as they should be.
I found this a reasonably good document to familiarize yourself with different issues relating to ICS security.
http://csrc.nist.gov/groups/SMA/fisma/ics/documents/oct23-2009-workshop/nist-ics3_10-23-2009.pdf