Securing remote diagnostics: Safe, reliable software updates for medical imaging hardware
Download nowTable of contents
Securing remote diagnostics: Safe, reliable software updates for medical imaging hardware
|
|
Medical technology | Europe |
Healthcare is increasingly defined by access — access to specialist knowledge, to advanced diagnostic tools, and to expert clinical judgment. For millions of patients, healthcare access is determined not by clinical need, but by physical location. Rural communities, underserved regions, and facilities without on-site specialists face an access gap. roclub is changing the way medical technology is operated by building the infrastructure to make decentralized remote healthcare access a reality.
roclub was born from a simple idea — professional medical technicians are important and indispensable for safe, high-quality diagnostics; but, there are too few of them, and their potential has not yet been unleashed. Founded in Berlin, roclub develops a tele-operation platform that enables clinicians to remotely control diagnostic imaging equipment — including MRI and CT scanners — from any location.
By capturing and streaming the HDMI output of existing imaging hardware, roclub allows specialist physicians to conduct diagnostics and oversee procedures without being physically present at the clinical site. A single connector per imaging machine and a single NVIDIA Jetson device per hospital form the backbone of the tele-operation system, creating a lightweight, scalable footprint that does not require integration with sensitive medical networks. roclub delivers innovation that ensures high-quality patient care anytime, anywhere.
With an active US FDA 510(k) regulatory pathway in place and deployments across European hospitals and clinics, roclub is navigating one of the most demanding intersections of software, hardware, and regulation in the technology landscape. In this environment, software update reliability is mandatory for safety, compliance, and positive patient outcomes.
|
100+
|
99% |
| MWh of behind the meter battery energy storage | uptime guaranteed through advanced monitoring and control |
The Challenge
Objectives
| Protect patient outcomes and device uptime, ensuring a failed software update never disrupts clinical operations | |
| Maintain access and expand into new markets by improving the operational security posture and ensuring regulatory compliance with US and EU medical device regulations | |
| Accelerate time-to-market and focus engineering resources on core development by eliminating the operational burden of manual software updates | |
| Focused on innovation by preserving the existing technical architecture and avoiding re-platforming | |
| Maintain full control and reliability over the update process at every stage of fleet growth |
As roclub moved from a Raspberry Pi prototype to NVIDIA Jetson-based production hardware, the limitations of its early software update approach became clear. The team managed updates for its prototype device through Ansible Playbooks. While over-the-air (OTA), the manual Ansible update process was fragile with many drawbacks. Overall, the process lacked a centralized way to store and synchronize data, proved slow in larger environments, and would be difficult to maintain as roclub continues to scale. These drawbacks were not simply engineering inconveniences; the legacy update approach was a growth bottleneck.
In its initial stages, roclub rated the security of its software updates at 2 on a 10-point scale. Under the EU Medical Device Regulation (MDR), software components in medical technology must be fully compliant with IEC 81001-5-1. Implementing proper security mechanisms for lifecycle management includes the software update infrastructure. Any systems lacking end-to-end traceability and security-by-design impedes premarket approval, putting the entire product offering in jeopardy. roclub rated the time and effort required to release new software versions at 3. A failed software update in a clinical environment can disrupt active diagnostic workflows, delay time-sensitive procedures, or leave devices in an inconsistent state — unacceptable outcomes. In any healthcare context, a secure, fail-safe solution is essential. When asked to evaluate its current solution, roclub anticipated that it would become unsustainable within a year.
Growth compounded the challenges. roclub's operational footprint was expanding, with projections that would take the fleet from a few hundred devices to more than 23,000 by 2029 – a trajectory that leaves little room for operational drag. A manual, device-by-device update process — one that offered no automated rollback, limited auditability, and poor security controls — could not support sustained growth. More critically, a manual update process threatened to become a ceiling on innovation. If updating product software requires significant manual effort per device, the pace at which new features, fixes, and improvements can reach customers is fundamentally constrained. For a company growing exponentially, the software update infrastructure could not be the bottleneck.
Further developing an in-house OTA update framework was also not a viable path. The initial custom Ansible system required manual update rollouts and would not reliably scale alongside roclub’s fleet. roclub's mission is to advance remote diagnostics; maintaining a manual update system that lacks future-proof considerations only diverts engineering resources from fulfilling that mission. The team required a proven, purpose-built solution that could grow with the business, meet the security standards required by US and European regulators, and integrate seamlessly with the existing NVIDIA Jetson hardware and AWS IoT Core platform — without requiring a product re-architecture.
Technology ecosystem:
| NVIDIA Jetson (production hardware) | |
| Linux-based operating system | |
| AWS IoT Core |
OTA Software Update Solution Technical Requirements
| Fail-safe update architecture: A/B partition support and automatic rollback on failure | |
| Fleet-wide update management to replace device-by-device manual processes | |
| Compatibility with NVIDIA Jetson and AWS IoT Core | |
| Audit-ready update logs to support existing EU MDR traceability requirements and support FDA 510(k) certification | |
| Scalable, managed cloud infrastructure to accommodate rapid device fleet growth |
The Solution
After evaluating the native NVIDIA OTA update solution and other available options, roclub discovered Mender through GitHub and recognized it as a fundamentally different software update strategy. Other tools either required replacing existing infrastructure or limited robustness, Mender offered a focused, composable OTA software update layer, alongside roclub's existing NVIDIA and AWS IoT Core environment without disruption. The integration with NVIDIA Jetson hardware was straightforward, and the platform's compatibility with roclub's existing technical stack meant the team could adopt Mender without re-architecting the product.
The critical priority was moving away from manual updates entirely. The Ansible-based process required direct, device-by-device intervention, which was time-consuming and incompatible with the pace at which roclub needed to operate. Mender replaced it with a fully automated OTA update pipeline, enabling the team to deploy updates across the entire fleet from a single interface, on schedule, without manual steps.
Reliability and control were also essential factors. Mender’s fail-safe update architecture, which enables automatic rollback through an A/B partition strategy, ensures that devices maintain uptime throughout a deployment and always have a verified, working state to revert to. If a deployment encounters a problem, Mender does not stall the device, require a field visit, or interrupt clinical operations. For devices deployed in active clinical settings, this fail-safe behavior was non-negotiable.
Security and compliance were equally central to the decision. Operating in compliance with the FDA 510(k) and the EU MDR regulations demanded that software changes be traceable, authorized, and applied consistently. The authenticated update pipeline and structured audit logs in Mender provided the necessary documentation that regulatory bodies require for certification. With every update traceable, authorized, and recorded, roclub can demonstrate to regulators that its software changes meet the required standard of control. This documentation directly determines whether a product can enter and remain on the market.
Mender provided roclub with a managed infrastructure that scales with the business and removed the operational overhead of running and maintaining a software update infrastructure. With fleet management, deployment scheduling, and update preparation handled by Mender, the roclub engineering team could focus on product development — refining the tele-operation platform itself rather than maintaining the systems that keep it running.
Today, Mender serves as the secure and reliable software update backbone for roclub's growing footprint across hospitals and clinical sites. Mender provides the confidence required to deploy security patches, feature releases, and system updates in healthcare environments where failure is not an acceptable outcome.
“In critical infrastructure, a failed update is a safety incident waiting to happen. Mender's atomic updates with built-in rollback give us the confidence to deploy security patches and new features knowing our systems will never be left in an inoperable state.”
Nils Carsten, Co-founder, roclub
The Mender Difference
| A trusted market leader in software updates, freeing engineering resources to focus on core product development | A hosted, managed infrastructure that scales with device fleets without requiring additional operational overhead | ||
| Ensure reliable updates with an automatic fail-safe A/B partition approach | Control data consumption by deploying robust delta updates |
The Benefits
Realizing robustness and speed at scale
Confidence to deploy in safety-critical environments
The most significant outcome of adopting Mender was clinical. With Mender, roclub can deploy software changes to products in active hospital environments, knowing that a failed update will never leave a system in an inoperable state. A near-complete transformation of the update experience, satisfaction with the time and effort required to release software improved from 3/10 to 9/10 with Mender.
A security posture fit for the regulated healthcare industry
roclub's software update security rating improved by 250% following Mender. The structured, authenticated update pipeline that Mender provides supports the documentation and auditability expectations of the EU MDR and the US FDA, giving the team greater assurance that every update is traceable, authorized, and applied as intended.
Scalable infrastructure without the overhead
With device fleets projected to exceed 23,000 units by 2029, roclub relied on Mender to remove the burden of running and maintaining update infrastructure, enabling the company to scale its fleet without scaling its operational complexity.
A solution that lasts
roclub anticipates Mender will effectively support its business needs for up to ten years. Supported by Mender, roclub now operates on a stable foundation, allowing the company to fully focus on product development, security and regulatory compliance, and transforming healthcare access.
|
9/10
|
+250% | 10 years |
| New satisfaction score | Increase in security rating | Anticipated sustainability |
Download the case study
Related resources
Some similar resources you may also be interested in


