Why did my provider reset my password after someone else attempted to gain access to my account?

This is an absolute breach of security. Even if their policy was somehow sound, sending the password in plaintext to you in an email means that the reset is useless, and as you said, if the attacker had access to your email the security questions wouldn't do squat.

They should have done nothing as the security question answered was invalid. The best thing to do, IMHO, is to go a step further and block the user from answering questions for a defined period. Notifying you is a proper step, but changing the password just makes it useless.

I'd ask them a simple question: "if you're going to send me (or someone pretending to be me with access to my email) a password if I/someone else guess the security question wrong, what's the point of security questions?"
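As an added illustration (not code from the original answer or from any provider), here is the recovery flow the answer above argues for: a wrong security-question answer is logged and counted, the account owner is notified, recovery is locked for a period after repeated failures, and the stored password is never changed or emailed. The lockout window, failure limit and hashing parameters are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

LOCKOUT_SECONDS = 3600   # assumed lockout window after repeated wrong answers
MAX_FAILURES = 3         # assumed number of wrong answers tolerated


@dataclass
class Account:
    password_hash: str           # the recovery flow must never touch this
    answer_hash: bytes           # salted PBKDF2 hash of the security answer
    salt: bytes
    failures: int = 0
    locked_until: float = 0.0
    notifications: list = field(default_factory=list)  # stands in for email/SMS alerts


def _hash_answer(answer: str, salt: bytes) -> bytes:
    # Normalise case and whitespace so formatting differences do not count as failures
    return hashlib.pbkdf2_hmac("sha256", answer.strip().lower().encode(), salt, 100_000)


def new_account(password_hash: str, answer: str) -> Account:
    salt = os.urandom(16)
    return Account(password_hash, _hash_answer(answer, salt), salt)


def attempt_recovery(acct: Account, answer: str, now: float) -> str:
    """Handle one security-question attempt; returns the outcome for the caller.

    The stored password is never modified here: a correct answer only earns a
    one-time reset link, a wrong answer only earns a notification and a strike.
    """
    if now < acct.locked_until:
        acct.notifications.append("recovery attempted while locked")
        return "locked"
    if hmac.compare_digest(_hash_answer(answer, acct.salt), acct.answer_hash):
        acct.failures = 0
        acct.notifications.append("reset link issued")   # token sent out of band, not a password
        return "reset_link_issued"
    acct.failures += 1
    acct.notifications.append("wrong security answer")   # notify the owner, nothing else
    if acct.failures >= MAX_FAILURES:
        acct.locked_until = now + LOCKOUT_SECONDS
        acct.notifications.append("recovery locked")
        return "locked"
    return "denied"
```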


No, it is not an appropriate response from the ISP. The attacker tried to reset the password, which shows that the attacker does not know the current password, and actually does not even try to guess it. Forcing a reset of that password cannot bring any good: it tries to fix exactly the part of the authentication system which was not broken.

If resetting the password will not do any good, it can bring a lot of harm, though. Passwords as plaintext in emails are rarely a good idea.

This situation looks like a good example of a "knee-jerk security stance": when in doubt, panic.

(Your ISP really chose a password beginning with "Rory"? This triggers my "foul play" sense.)


The only case I can think of where changing your password like that would make security sense is if the user was logged in to your account when they tried to change your password.

In that case, your previous password was potentially compromised, because whoever was logged in knew that password but not the answer to your security question.