Where it's possible, perhaps using a deterministic process that can be easily repeated to verify the groupings haven't been tampered with? (Not to reduce the importance of backups, though they themselves can be attacked, but just as an idea for discussion...)

Here's an idea for how this could work for an example given elsewhere in the thread about the risk of an attacker mislabelling the subjects so the outcomes are unclear or deliberately skewed.

For a binary double-blind placebo trial (one group gets the medication, another gets the placebo), compute the hmac of each subject identifier (name, some participant ID), keyed with a key known to the principal investigator. Everyone whose hash MSB is above 0x80 gets the treatment, and everyone whose hash is below 0x80 gets the placebo. If you need more experimental groups, adjust the thresholds as needed

Clearly this is very restrictive and limited (you might need to ensure a proper demographic and medical/age profile distribution of subjects between both groups), but there are likely ways to achieve this by creating multiple "groups" and doing this process within each demographic balanced group.

You'd get a reproducible outcome, as long as you can recover the patient names or participant ID numbers, and the PI or experimental lead takes careful note of the hmac key used.

Just a straw man idea for how at least the patient to group allocation could be done deterministically. If someone attacked this and muddled patients and groups around, it could be reproduced just from knowing who the subjects are, and the hmac key. Clearly this doesn't scale to results or beyond, but I imagine this is where digital signatures start to help. And with modern ed25519 signatures we aren't talking massive signatures either.