Return to Timeline of the History of Computers
Software Bug Fatalities
Atomic Energy of Canada Limited (AECL) manufactured a line of radiation therapy machines used for treating cancer. The Therac-25 was a lower-cost, smaller, and more modern version of the company’s Therac-20. Both machines could generate a beam of low-power electrons, or they could crank up the power and slam the electrons into a piece of metal to produce therapeutic x-rays. But whereas the Therac-20 used a series of switches, sensors, and wires to implement its control logic and safety interlocks, the Therac-25 relied on software.
On April 11, 1986, a patient named Verdon Kidd was being treated for skin cancer on his ear with a Therac-25 when something went horribly wrong with his treatment. Instead of receiving a low-dose electron beam, he received a wallop of radiation. He saw a flash in his eyes, felt something hit him in the ear, and screamed in pain. The Therac-25, meanwhile, displayed the innocuous message “Malfunction 54.” Kidd died 20 days later on May 1 from the massive radiation dose he had received, the first person known to have been killed by a software bug in a medical device.
The initial investigation by AECL revealed that if the Therac-25’s operator hit the up arrow at a certain point in the program’s operation, the machine would energize the electron beam in its high-intensity setting without moving the x-ray target into place. AECL’s response was to remove the up-arrow key and cover the switch with electrical tape, an action the US Food and Drug Administration (FDA) later called inadequate.
In all, three patients died and two more received life-threatening doses of radiation—between 15,000 and 20,000 rads instead of the therapeutic dose of 200 rads—due to a subtle error in the Therac-25’s programming called a race condition, when two parts of a program sometimes execute in the wrong order. Additional work by University of Washington professor Nancy Leveson and her student Clark Turner exposed the need to establish rigorous engineering procedures for software development, testing, and evaluation. Nevertheless, in an article written about the Therac-25 incident 30 years after the fact, Leveson concluded that US regulators still did not have standards in place for reliably preventing harm that might be caused by medical device software.
SEE ALSO Software Engineering (1968)
A radiation therapy mask showing laser lines for targeting cancer cells in the brain. Radiation doses must be carefully controlled to avoid harm to patients, such as the fatal incidents caused by software errors in the 1980s.