Hacker News | cmsthrowit's comments

Parse is HIPAA certified.


Regardless of this (assuming this is even true), I can't imagine that a finance company would want to store their data inside something like Firebase - The risk of data theft is too high and the value of the data is also too high.

When you store everything in a big centralized system, the risk of that data being compromised increases greatly. Right now, the reason why no one is hacking Firebase is because the data which is being stored in there is low-value.

If banks and hospitals started storing data in Firebase, you can be sure that it would attract the attention of hackers and you can be sure that they would find an exploit eventually.

You can't possibly place all of the world's high-value data inside one or two systems. Every single change made to the codebase is a potential security vulnerability.

Also, I imagine that employees of Firebase have access to all your data - What if one of them decided to share your data with a competitor? Humans are corruptible - This is too much power to put in the hands of so few people.


All of the problems you recognise exist with 99% of large scale internal solutions too.


True, but your internal solution isn't "large scale" until you are. The external solution is "large scale" when all users combined together are.


> hospitals started storing data in Firebase

Is health data actually worth that much to hackers? Genuine question.


Yes, some types of data are highly valuable because they can be exploited by someone to make a lot of money.

Data related to a person's education/intelligence is valuable too.

If you could get a list of all emails of people in the world with IQ < 70, you could easily take advantage of those people by sending them scam emails (for example).

Also, someone's preference for particular adult content is highly valuable (for blackmail).

A person's location data might also be quite valuable (especially if that person is a politician/celebrity).


Media probably would pay a lot for health info on celebrities, politicians, ...

Scammers could use the info to find targets (Fake hospital bills, "new medications", ... are easier to sell with correct information. Financial scams might work better on families that are desperate to pay expensive bills)

Publicly shaming or attacking people with "bad" or "disgraceful" health issues. (HIV, gender operations, mental issues...)


There are other forms of value besides money; in terms of social value and reputation, a hack that steals a large quantity of data about people is worth a great deal to the hacker.


Apparently Medicare spoofing is a big deal. Basically people pretend to be someone with Medicare and receive medical goods and services.


Legal stuff in case it is stolen does.


No, it is not. No idea where you got this notion, but I've been answering this question for almost 3 years.


According to whom? A quick Google search turns up a number of results to the contrary.


What do you mean by HIPAA certified? Do you mean they'll sign a BAA? I don't think they will.

...and even if they did, the technical requirements of HIPAA compliance go much further than what Parse has to offer. You'd be much better suited building an application and hosting it on Catalyze[1], which covers every aspect of HIPAA compliance and has a HITRUST certification.

1. https://catalyze.io


[citation needed]


It is not.


Wow, they used to list HIPAA certification. Sorry, I'm wrong.


No, I don't think we ever did.

