Good day, we have 9 TRIDVR-ELE8M dvr's that have recently been hacked. Each one has its own ip address and is under the same network. When I went into the logs of one dvr, I clicked on the ip address of used when device was hacked and the details show it's an admin. I believe one of our remote users maybe had his laptop compromised. So I went around to all 9 locations and reset all dvrs back to default, set cams back up and changed everyone's passwords. 3 hours later, they were hacked again. The person is getting in through an admin account and I cannot delete it or amend the password. How can I fix this and how can I prevent this from happening again going forward?

Thanks for any help!