Safeguarding a lab requires multiple layers of security. Because the lab handles PII, and if any of that data is protected health information (PHI), it must also meet HIPAA requirements. First, a thorough risk assessment must be performed; this identifies the weak areas in the lab, whether in physical security or cyber security, so that the controls below can be prioritized against actual risk. The lab should have around-the-clock security guards, with CCTV coverage of the entire facility. All users would be granted access through badges combined with biometrics, and mantraps would be installed to prevent tailgating. Data should be backed up and stored with a reputable cloud service provider; the backups must be encrypted, and if they contain PHI the provider must sign a business associate agreement. A strict, default-deny firewall policy would be in place, along with policies governing remote access over VPN (who may connect, from which devices, and to which resources). Based on the security needs of the lab and its users, it would then need to be determined whether telework is a need or just a luxury.
By implementing these controls, the lab would reduce its attack surface and make it harder for attackers to steal or modify PII. All systems would have to be scanned for vulnerabilities on a regular schedule and patched promptly. Some residual risk always remains, but these measures keep it small and understood.