to begin with, your hosting provider failed to patch something and tried to shift blame. It is their problem and they are required to solve it.
btw, that looks like some bot activity and I am fairly certain that one of those items looks a lot like a torrent tracker.
IS yours the only account on that machine? if not, how many other users might be affected by this?
Now, as for mode of infiltration, assuming they didn't have your credentials, it is possible that an injection exploit was used.
Now, this area is more my forte, but I am, by no means, a certified expert.
Anyway, time to call them back and have a chat with their operations manager and inform them that they have been breached and should be doing something about it. If they continue blame shifting, it might be time to consider dropping them entirely. that's my 2 cents worth.