So, some questions:
1. What could I have done to allow this to happen?
2. Obviously I am not going to contact the hacker, so what do I do now to rectify the situation?
There are so many things that can go wrong (malware on your PC, weak FTP password, unpatched web application, ...) that I would focus on what to do right the next time.
1) Use strong passwords
2) Have an anti-virus installed on your PC and run regular malware scans
3) Always run the latest version of your web application / CMS (unless you have to and know the security best practices, don't use custom-made web applications)
4) Add a security layer to your web site to protect you from attacks
Is your domain still under your control (only the hosting part was hacked)?
If so, I suggest that you:
1) Run an anti-virus and anti-malware scan on your PC
2) Open a new hosting account and start with a fresh copy of your web site (do you have it backed up locally?)
Have a good backup plan in place where you keep a known good version, a weekly and a daily version, and test restoring your site from backup. If you've got a decent recovery plan in place, then the effects of any hack will be greatly reduced.