If you want to know how expensive it is to find a preimage for the string you’re describing, you need to figure out how many possible strings there are. Since the first 6 digits are a date of birth, their value is even more restricted than the naive assumption of 10^6 – we have an upper bound of 366*100 (every day of the year, plus the two digit year).

The remaining 4 ‘random’ digits permit another 10^4 possibilities, giving a total number of distinct hashes of 366 * 100 * 10^4 = 366,000,000 hashes.

With that few possibilities, it ought to be possible to find a preimage in a fraction of a second on a modern computer – or, for that matter, to build a lookup table for every possible hash.

Using a salt, as Tom suggests, will make a lookup table impractical, but with such a restricted range of valid values, a brute force attack is still eminently practical, so it alone is not sufficient to make the attack impractical.

One way to make things more expensive is to use iterative hashing – that is, hash the hash, and hash that, repeatedly. You have to do a lot less hashing than your attacker does, so increases in cost affect them more than they do you. This is still likely to be only a stopgap given the small search space, however.

As far as “using a password” goes, it sounds like you’re looking for an HMAC – a construction that uses a hash, but can only be verified if you have the key. If you can keep the key secret – no easy task if you’re assuming the hashes can only be obtained if your system is compromised in the first place – this is a practical system.

Edit: Okay, so ‘fractions of a second’ may have been a slight exaggeration, at least with my trivial Python test. It’s still perfectly tractable to bruteforce on a single computer in a short timeframe, however.