Software bugs can cause a lot of anxiety, inconvenience, and leech away valuable time, but thankfully they are rarely fatal. However, back in 1985 a radiation therapy machine called the Therac-25 was only just getting started on its human killing spree. There was a bug in its software which resulted in a deadly race condition, and at least six unfortunate individuals received doses of radiation that were 100x too strong. Three people died as a result of this software bug.
When launched, Therac-25 was an attractive machine for medical institutions as it offered a revolutionary dual treatment modes in one compact machine. It could be used for electron beam therapy to address shallow tissue problems, like skin cancers. Its other operating mode was Megavolt X-ray therapy, where a high current electron beam could target deep tissue problems. You wouldn’t want to mix these modes up…
A move to software-only controls
One of the innovations delivered with Therac-25 was the move to software-only controls. Earlier machines had electromechanical hardware interlocks to prevent the kinds of radiation accidents that occurred during the operation of this device. Therac-20, for example, is said to have shared software bugs with Therac-25, but the hardware would block any unsafe operating conditions, even if the software malfunctioned.
A paper published by California Public University computer science masters student, Anne Marie Porrello, details the nature of the bug / accident across the six known cases. For this fatal bug to manifest, typically, the Therac-25 operator would mistakenly choose the wrong operating mode and quickly try and correct their error. An experienced operator could edit treatment parameters so fast that the software skipped a safety check due to a ‘race condition’ between the input handler and the radiation beam logic.
Crucially, the Therac-25 took about 8-seconds to change radiation beam mode, and fast operators could confuse the software with inputs during this time window.
Date of the Accident | Location of the Accident | Extent of injuries to patient | Number of months after the first accident |
June 3, 1985 | Marietta, GA | Breast removal, loss of use of arm | Row 1 - Cell 3 |
July 26, 1985 | Ontario, Canada | Total hip replacement needed | 1 |
January 6, 1986 | Yakima, WA | Minor disability and scarring | 7 |
March 21, 1986 | Tyler, TX | Death | 9 |
April 11, 1986 | Tyler, TX | Death | 10 |
January 17,1987 | Yakima, WA | Death | 19 |
The first such accident that is documented occurred in June 1985, and the last in January 1987. Therac-25 manufacturer AECL resisted any blame attributed to their systems for months, only escalating to a thorough investigation in spring 1986. By that time, the FDA was also investigating the accidents.
In the wake of Therac-25’s killing spree, there were calls for formal verification, rigorous testing, and improved documentation for all medical software. The issues with Therac-25 has become an often-taught cautionary tale in computer science studies.
Follow Tom's Hardware on Google News, or add us as a preferred source, to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button!
