Securing remote diagnostics: Safe, reliable software updates for medical imaging hardware

| Medical, Customer story
Download now

Securing remote diagnostics: Safe, reliable software updates for medical imaging hardware

 

Roclub

 

Medical technology | Europe

 

Healthcare is increasingly defined by access — access to specialist knowledge, to advanced diagnostic tools, and to expert clinical judgment. For millions of patients, healthcare access is determined not by clinical need, but by physical location. Rural communities, underserved regions, and facilities without on-site specialists face an access gap. roclub is changing the way medical technology is operated by building the infrastructure to make decentralized remote healthcare access a reality.

roclub was born from a simple idea — professional medical technicians are important and indispensable for safe, high-quality diagnostics; but, there are too few of them, and their potential has not yet been unleashed. Founded in Berlin, roclub develops a tele-operation platform that enables clinicians to remotely control diagnostic imaging equipment — including MRI and CT scanners — from any location.

By capturing and streaming the HDMI output of existing imaging hardware, roclub allows specialist physicians to conduct diagnostics and oversee procedures without being physically present at the clinical site. A single connector per imaging machine and a single NVIDIA Jetson device per hospital form the backbone of the tele-operation system, creating a lightweight, scalable footprint that does not require integration with sensitive medical networks. roclub delivers innovation that ensures high-quality patient care anytime, anywhere.

With an active US FDA 510(k) regulatory pathway in place and deployments across European hospitals and clinics, roclub is navigating one of the most demanding intersections of software, hardware, and regulation in the technology landscape. In this environment, software update reliability is mandatory for safety, compliance, and positive patient outcomes.

 

100+
99%
MWh of behind the meter battery energy storage uptime guaranteed through advanced monitoring and control

The Challenge

Objectives

Group 8455 (2) Protect patient outcomes and device uptime, ensuring a failed software update never disrupts clinical operations  
Group 8454 Maintain access and expand into new markets by improving the operational security posture and ensuring regulatory compliance with US and EU medical device regulations
Group 8456 (1) Accelerate time-to-market and focus engineering resources on core development by eliminating the operational burden of manual software updates
Group 8457 (1) Focused on innovation by preserving the existing technical architecture and avoiding re-platforming
Group 8458 Maintain full control and reliability over the update process at every stage of fleet growth

 

As roclub moved from a Raspberry Pi prototype to NVIDIA Jetson-based production hardware, the limitations of its early software update approach became clear. The team managed updates for its prototype device through Ansible Playbooks. While over-the-air (OTA), the manual Ansible update process was fragile with many drawbacks. Overall, the process lacked a centralized way to store and synchronize data, proved slow in larger environments, and would be difficult to maintain as roclub continues to scale. These drawbacks were not simply engineering inconveniences; the legacy update approach was a growth bottleneck. 

In its initial stages, roclub rated the security of its software updates at 2 on a 10-point scale. Under the EU Medical Device Regulation (MDR), software components in medical technology must be fully compliant with IEC 81001-5-1. Implementing proper security mechanisms for lifecycle management includes the software update infrastructure. Any systems lacking end-to-end traceability and security-by-design impedes premarket approval, putting the entire product offering in jeopardy. roclub rated the time and effort required to release new software versions at 3. A failed software update in a clinical environment can disrupt active diagnostic workflows, delay time-sensitive procedures, or leave devices in an inconsistent state — unacceptable outcomes. In any healthcare context, a secure, fail-safe solution is essential. When asked to evaluate its current solution, roclub anticipated that it would become unsustainable within a year.

Growth compounded the challenges. roclub's operational footprint was expanding, with projections that would take the fleet from a few hundred devices to more than 23,000 by 2029 – a trajectory that leaves little room for operational drag. A manual, device-by-device update process — one that offered no automated rollback, limited auditability, and poor security controls — could not support sustained growth. More critically, a manual update process threatened to become a ceiling on innovation. If updating product software requires significant manual effort per device, the pace at which new features, fixes, and improvements can reach customers is fundamentally constrained. For a company growing exponentially, the software update infrastructure could not be the bottleneck. 

Further developing an in-house OTA update framework was also not a viable path. The initial custom Ansible system required manual update rollouts and would not reliably scale alongside roclub’s fleet. roclub's mission is to advance remote diagnostics; maintaining a manual update system that lacks future-proof considerations only diverts engineering resources from fulfilling that mission. The team required a proven, purpose-built solution that could grow with the business, meet the security standards required by US and European regulators, and integrate seamlessly with the existing NVIDIA Jetson hardware and AWS IoT Core platform — without requiring a product re-architecture.

Technology ecosystem:

Tick NVIDIA Jetson (production hardware)
Tick Linux-based operating system
Tick AWS IoT Core

 

OTA Software Update Solution Technical Requirements

Tick Fail-safe update architecture: A/B partition support and automatic rollback on failure
Tick Fleet-wide update management to replace device-by-device manual processes
Tick Compatibility with NVIDIA Jetson and AWS IoT Core
Tick Audit-ready update logs to support existing EU MDR traceability requirements and support FDA 510(k) certification
Tick Scalable, managed cloud infrastructure to accommodate rapid device fleet growth

 

The Solution

After evaluating the native NVIDIA OTA update solution and other available options, roclub discovered Mender through GitHub and recognized it as a fundamentally different software update strategy. Other tools either required replacing existing infrastructure or limited robustness, Mender offered a focused, composable OTA software update layer, alongside roclub's existing NVIDIA and AWS IoT Core environment without disruption. The integration with NVIDIA Jetson hardware was straightforward, and the platform's compatibility with roclub's existing technical stack meant the team could adopt Mender without re-architecting the product. 

The critical priority was moving away from manual updates entirely. The Ansible-based process required direct, device-by-device intervention, which was time-consuming and incompatible with the pace at which roclub needed to operate. Mender replaced it with a fully automated OTA update pipeline, enabling the team to deploy updates across the entire fleet from a single interface, on schedule, without manual steps.

Reliability and control were also essential factors. Mender’s fail-safe update architecture, which enables automatic rollback through an A/B partition strategy, ensures that devices maintain uptime throughout a deployment and always have a verified, working state to revert to. If a deployment encounters a problem, Mender does not stall the device, require a field visit, or interrupt clinical operations. For devices deployed in active clinical settings, this fail-safe behavior was non-negotiable.

Security and compliance were equally central to the decision. Operating in compliance with the FDA 510(k) and the EU MDR regulations demanded that software changes be traceable, authorized, and applied consistently. The authenticated update pipeline and structured audit logs in Mender provided the necessary documentation that regulatory bodies require for certification. With every update traceable, authorized, and recorded, roclub can demonstrate to regulators that its software changes meet the required standard of control. This documentation directly determines whether a product can enter and remain on the market.

Mender provided roclub with a managed infrastructure that scales with the business and removed the operational overhead of running and maintaining a software update infrastructure. With fleet management, deployment scheduling, and update preparation handled by Mender, the roclub engineering team could focus on product development — refining the tele-operation platform itself rather than maintaining the systems that keep it running.

Today, Mender serves as the secure and reliable software update backbone for roclub's growing footprint across hospitals and clinical sites. Mender provides the confidence required to deploy security patches, feature releases, and system updates in healthcare environments where failure is not an acceptable outcome.

“In critical infrastructure, a failed update is a safety incident waiting to happen. Mender's atomic updates with built-in rollback give us the confidence to deploy security patches and new features knowing our systems will never be left in an inoperable state.”

Nils Carsten, Co-founder, roclub

The Mender Difference

Group 8455 A trusted market leader in software updates, freeing engineering resources to focus on core product development Lightning A hosted, managed infrastructure that scales with device fleets without requiring additional operational overhead
Group 8456 Ensure reliable updates with an automatic fail-safe A/B partition approach high-level 1 (1) Control data consumption by deploying robust delta updates 

The Benefits

Realizing robustness and speed at scale

Confidence to deploy in safety-critical environments

The most significant outcome of adopting Mender was clinical. With Mender, roclub can deploy software changes to products in active hospital environments, knowing that a failed update will never leave a system in an inoperable state. A near-complete transformation of the update experience, satisfaction with the time and effort required to release software improved from 3/10 to 9/10 with Mender.

A security posture fit for the regulated healthcare industry

 roclub's software update security rating improved by 250% following Mender. The structured, authenticated update pipeline that Mender provides supports the documentation and auditability expectations of the EU MDR and the US FDA, giving the team greater assurance that every update is traceable, authorized, and applied as intended.

Scalable infrastructure without the overhead

With device fleets projected to exceed 23,000 units by 2029, roclub relied on Mender to remove the burden of running and maintaining update infrastructure, enabling the company to scale its fleet without scaling its operational complexity.

A solution that lasts

roclub anticipates Mender will effectively support its business needs for up to ten years. Supported by Mender, roclub now operates on a stable foundation, allowing the company to fully focus on product development, security and regulatory compliance, and transforming healthcare access.

 

9/10
+250% 10 years
New satisfaction score  Increase in security rating  Anticipated sustainability 

 

Tags:

Download the case study