The therac 25 a case study in safety failure radiation therapy machine the most serious computerrelated accidents to date people were killed reference. An investigation of the therac25 accidents stanford university. On a second reading, they fill out worksheet one participant list as an electronic file, for later copies, which is a complete list of participants, both individuals. Stories about the therac 25 have appeared in trade journals, newspapers, people magazine, and on televisions 2020 and mcneil lehrer news hour. Pdf computer software plays an important role in various industries to speed up processes and. Therac25 software due to overdose accidents the quality assurance of aecl mentioned that. The user manual did not explain or even address the error codes, so the operator pressed the. Ppt therac 25 powerpoint presentation free to view id. In this case on safety critical software, you will find that some.
Depending on whether the tumor was close to the skin or in deeper tissue, the therac 25 would operate in an electronbeam or xray mode. View notes therac 25 from itm 407 at ryerson university. Next, it provides information about the therac25, a computercontrolled medical linear accelerator, and its computer systems failures that led to deaths and injuries. A usagemodel based approach to test therac25 sciencedirect. Case study therac 25 page 1 of 3 therac 25 the therac 25 machine was a stateoftheart linear accelerator developed by the company atomic energy canada limited aecl and a french company cgr to provide radiation treatment to cancer patients. Apr 20, 20 an investigation of the therac 25 accidents part iii nancy leveson, university of washington clark s. A requirement is a condition over phenomena of the environment. An investigation of the therac25 accidents essay 10546 words. A thorough account of the therac 25 medical electron accelerator accidents reveals previously unknown details and suggests ways to reduce risk in the future. The therac25 accidents are associated with the nonuse or misuse of numerous system engineering practices, especially system verification and validation, risk management, and assessment and control. The operators manual supplied with the machine does sitions the.
Students thoroughly read the leveson and turner article, an investigation of the therac25 accidents ieee computer, vol. Nancy leveson and clark turner, the investigation of thetherac 25 accidents, computer, 26, 7 july 1993 pp 1841. On the surface, the primary reason that therac20 killed far fewer people than therac25 was the fact that therac20 had hardware interlocks, while therac25 did not. Moral responsibility for harm caused by computer system. Therac25 was a medical linear accelerator, a device used to treat cancer. Information and computer science, university of california, irvine, 1992 59 pages. December 1985 patient in yakima wa receives overdose. Ppt therac 25 powerpoint presentation free to view. What made therac25 unique at the time of its use was the software. Citeseerx document details isaac councill, lee giles, pradeep teregowda. Worst series of radiation overdoses in over 35 years. The experience illustrates a number of principles that are vital to understanding how and why the design and analysis of safetycritical systems must be done in a methodical way according to established principles. From 1985 to 1987, the machine, called therac25, caused six accidents involving massive overdoses to patients, with resultant deaths and serious injuries. Therac 25 was a medical linear accelerator, a device used to treat cancer.
Citeseerx an investigation of the therac25 accidents. An updated version of the original accident investigation paper by nancy leveson i have updated and changed slightly the original accident report. A common mistake in engineering, in this case and in many others, is to put too much confidence in software. Turner, university of california, irvine, ieee computer, vol. However, aecl designed the therac 25 to take advantage of com puter control from the outset. The therac 25 was a computercontrolled radiation therapy machine produced by atomic energy of canada limited aecl in 1982 after the therac 6 and therac 20 units the earlier units had been produced in partnership with cgr of france. The big picture the therac25 was a computerized radiation therapy machine 11 machines were installed us and canada in 19851987 there were 6 known accidents where massive overdoses were made patients died or suffered serious injuries these were traced to race conditions in reading operator input unique early investigation of safetycritical. Between june 1985 and january 1987, the therac25 medical electron accelerator. The therac 25 was the most computerized and sophisticated radiation therapy machine of its time. In cases like the therac25 the mechanism or event that creates an opportunity for.
After the tyler accidents, therac 20 users who had heard informally about the tyler accidents from therac 25 users conducted informal investigations to determine whether the same problem could occur with their machines. We use the term requirements to denote what are often called functional requirements. Therac25 radiation overdoses your expert root cause. An investigation of the therac25 accidents, by nancy leveson, university of washington and clark s. Finally it investigates whether two key people involved in the therac25 case could reasonably be considered to have some degree of moral responsibility for the deaths and injuries. The first mode consisted of an electron beam of 200 rads that was aimed at the patient directly. An investigation of the therac25 accidents citeseerx. Thus, while the hardware interlocks on therac 20 prevented software errors from causing problems, therac 25 had no similar mechanism. The therac25 machine was a stateoftheart linear accelerator developed by the company atomic energy canada limited aecl and a french company cgr to provide radiation treatment to cancer patients. With the aid of an onboard computer, the device could select multiple. The therac25 software disaster essay 1293 words cram. Therac 25 case differs from the ch allenger explosion or the collapse of a bridge under metal fatigue. The therac 25 software disaster the therac 25 is a computerized medical radiation therapy machine for cancer patients.
Although the authors warn against drawing any oversimplified conclusions from these complex accidents, it appears clear to me that the root cause was the omission from the therac25 of the hardware safety interlocks of its safely operated predecessor, the therac20, and the devices dependence for these functions on poorly written, hardly. In the 1980s, a number of people were killed and injured by a flawed radiation therapy machine. An investigation of the therac25 accidents computer. An investigation of the therac 25 accidents volumes 92108 of technical report university of california, irvine. An investigation of the therac25 accidents between june 1985 and january 1987, 6 known accidents involving massive. As noted earlier, the software for the therac 25 and therac 20 both evolved from the therac 6 software. Pdf importance of software quality assurance to prevent. The therac 25 machine was a stateoftheart linear accelerator developed by the company atomic energy canada limited aecl and a french company cgr to provide radiation treatment to cancer patients. The therac25 was the most computerized and sophisticated radiation therapy machine of its time. The therac25 accidents are the most healthy tissue. Pdf importance of software quality assurance to prevent and. Professionalismtherac25 wikibooks, open books for an open. An investigation of the therac25 accidents computer author.
Every company building safetycritical systems should have. A detailed investigation of the factors involved in the softwarerelated overdoses and attempts by users, manufacturers, and government agencies to deal with the accidents is presented. After the tyler accidents, therac20 users who had heard informally about the tyler accidents from therac25 users conducted informal investigations to determine whether the same problem could occur with their machines. Software in the therac6 and therac20 was reused in the therac25. An investigation of the therac25 accidents nancy leveson, university of washington clark s.
Therac 6 and therac 20 had histories of clinical use without computer control therac 25 software had more responsibility for safety than in previous machines. Dec 11, 2017 in the 1980s, a number of people were killed and injured by a flawed radiation therapy machine. Therac25 case v3 free download as powerpoint presentation. Aug 08, 2010 the therac 25 is a radiation therapy machine used during the mid80s. On the surface, the primary reason that therac 20 killed far fewer people than therac 25 was the fact that therac 20 had hardware interlocks, while therac 25 did not. This view is consistent with the results of nancy levesons thorough investigation of the conditions that led to the therac25 accidents. Although the authors warn against drawing any oversimplified conclusions from these complex accidents, it appears clear to me that the root cause was the omission from the therac 25 of the hardware safety interlocks of its safely operated predecessor, the therac 20, and the devices dependence for these functions on poorly written, hardly. Between june 1985 and january 1987, the therac25 medical electron accelerator was involved in six massive radiation overdoses. As noted earlier, the software for the therac25 and therac20 both evolved from the therac6 software. A specification is a restricted form of requirement, providing enough information for the implementer to build the machine by programming it. Nancy leveson and clark turner, the investigation of the therac25 accidents, computer, 26, 7 july 1993 pp 1841. These socalled accidents and mistakes are really just cases of human inattention. An investigation of the therac25 accidents part ii. Researchers who investigated the accidents found several contributing causes.
Food and drug administration fda and the canadian bureau of radiation and medical devices and in depositions associated with lawsuits brought against aecl. Published papers deal with medical, legal, economic, educational, behavioral, theoretical or empirical aspects of. The therac25 machine was a stateoftheart linear accelerator developed by. What made therac 25 unique at the time of its use was the software. Software in the therac 6 and therac 20 was reused in the therac 25. This view is consistent with the results of nancy levesons thorough investigation of the conditions that led to the therac 25 accidents. Essay on the therac25 and its accident investigation instructor name school coursenumber june 2, 2015 introduction in 1983, a machine was released to help in the studentshare our website is a unique platform where students can share their papers in a matter of giving an example of the work to be done. During the time span of june 1985 to january 1987, it was the source of six fatal or near fatal overdoses. The therac 25 was a computerized radiation therapy machine 11 machines were installed us and canada in 19851987 there were 6 known accidents where massive overdoses were made patients died or suffered serious injuries these were traced to race conditions in reading operator input unique early investigation of safetycritical.
Turner, university of california, irvine reprinted with permission, ieee computer, vol. Resulted in 3 deaths and 3 cases of severe radiation related injuries. This provided the economic advantage of delivering two kinds of therapeutic radiation with one machine. Requirements are located in the environment, which is distinguished from the machine to be built.
Therac25 case differs from the ch allenger explosion or the collapse of a bridge under metal fatigue. Importance of software quality assurance to prevent and reduce software failures in medical devices. The therac25 is a radiation therapy machine used during the mid80s. Although the authors warn against drawing any oversimplified conclusions from these complex accidents, it appears clear to me that the root cause was the omission from the therac25 of the hardware safety interlocks of its safely operated predecessor, the therac 20, and the devices dependence for these functions on poorly written, hardly. An investigation of the therac25 accidents essay 10546. Essay on the therac 25 and its accident investigation instructor name school coursenumber june 2, 2015 introduction in 1983, a machine was released to help in the studentshare our website is a unique platform where students can share their papers in a matter of giving an example of the work to be done. This is a quite oftencited paper and is used as an example in many university cs courses.
In cases like the therac 25 the mechanism or event that creates an opportunity for. These results show that aecl was unacceptably slow in responding to reported incidents and fixing their product, a process which was primarily userdriven when more initiative and trust on the companys part. It was involved in at least six accidents between 1985 and 1987, in which patients were given massive. What does nancy levesons classic analysis of the therac25 recommend. The therac 25 accidents and their causes are well documented in materials from the u. Therac25 aecl designed therac25 to use computer control from the start. Thus, while the hardware interlocks on therac20 prevented software errors from causing problems, therac25 had no similar mechanism. Information and computer science, university of california, irvine, 1992. Safety investigation of accidents is a field which is improving and expanding.
A thorough account of the therac25 medical electron accelerator accidents reveals previously unknown details and suggests ways to reduce risk in the future. The therac25 was a computercontrolled radiation therapy machine produced by atomic. Turner, university of california, irvine a thorough account of the therac 25 medical electron accelerator accidents reveals previously unknown details and suggests ways to reduce risk in the future. The therac 25 accidents form the basis for what is often considered the bestdocumented software safety casestudy available. First, like the therac 6 and the therac 20, the therac 25 is controlled by a pdp 11. Feb 17, 2014 the therac 25 accidents form the basis for what is often considered the bestdocumented software safety casestudy available. For six unfortunate patients in 1986 and 1987, the therac25 did the unthinkable. The ambition of these guidelines is to reflect the state of the art in accident investigation as well to address its future challenges. Not only did the software ease the laborious setup process, but it also monitored the safety of the machine. As a result, several people died and others were seriously injured. Unfortunately, six accidents involving significant overdoses of radiation to. As noted earlier, the software for the therac25 and therac 20 both evolved from the therac 6 software. Therac6 and therac20 had histories of clinical use without computer control therac25 software had more responsibility for safety than in previous machines.
This case study presents system and software engineering issues relevant to the accidents associated with the therac25 medical linear. It delivered two types of radiation beams, a lowpower electron beam and a highpower xray. Computers are increasingly being introduced into safetycritical systems and, as a consequence, have been involved in accidents. The therac25 was a computercontrolled radiation therapy machine produced by atomic energy of canada limited aecl in 1982 after the therac6 and therac20 units the earlier units had been produced in partnership with cgr of france it was involved in at least six accidents between 1985 and 1987, in which patients were given massive overdoses of radiation. The therac25 and its accident investigation case study. The second, higher energy mode, used the full power of the machine at 25 million electron volts. The operators manual supplied with the machine does not explain. Several fcatures of the therac 25 are important in understanding the acci dents. A detailed accident investigation, drawn from publicly available docu ments, can. The therac 25, like other medical linear accelerators including its predecessors therac 6 and therac 20, used highenergy electron beams to destroy tumors without damaging nearby healthy tissue. A history of the introduction and shut down of therac25. Many lessons can be learned from this series of accidents.
Lawsuits were filed, and no investigations took place. That document is part of an investigation of the therac25 accidents, published in ieee computer, vol. Department of information and computer science authors. Therac 25 background medical linear accelerator developed by atomic energy of canada, ltd. During the time span of june 1985 to january 1987, it. The therac 25 accidents are the most serious computerrelated accidents to date at least nonmilitary and admitted and have even drawn the attention of the popular press. An investigation of the therac25 accidents nancy g. After the tyler accidents, therac 20 users who had heard informally about the tyler accidents from therac25 users conducted informal investigations to determine whether the same problem could occur with their machines. An investigation of the therac 25 accidents nancy g. Turner, an investigation of the therac25 accidents, in ethics and computing. I do not own any of the images, music, or videos used.
419 86 658 336 407 919 1329 1361 1436 896 1167 255 761 1296 635 1050 828 141 316 464 386 1323 885 229 1136 1289 440 1068 848 1221 1168 876 731 284 579