Therac25 was a medical linear accelerator, a device used to treat cancer. Turner, university of california, irvine, ieee computer, vol. Turner, university of california, irvine a thorough account of the therac 25 medical electron accelerator accidents reveals previously unknown details and suggests ways to reduce risk in the future. Inadequate investigation or followup on accident reports. This view is consistent with the results of nancy levesons thorough investigation of the conditions that led to the therac 25 accidents. However, aecl designed the therac 25 to take advantage of com puter control from the outset. For six unfortunate patients in 1986 and 1987, the therac25 did the unthinkable. Therac25 software due to overdose accidents the quality assurance of aecl mentioned that. This case study presents system and software engineering issues relevant to the accidents associated with the therac25 medical linear. This is a quite oftencited paper and is used as an example in many university cs courses. The second, higher energy mode, used the full power of the machine at 25 million electron volts. This view is consistent with the results of nancy levesons thorough investigation of the conditions that led to the therac25 accidents. Between june 1985 and january 1987, the therac25 medical electron accelerator. First, like the therac 6 and the therac 20, the therac 25 is controlled by a pdp 11.
The therac 25 a case study in safety failure radiation therapy machine the most serious computerrelated accidents to date people were killed reference. Apr 20, 20 an investigation of the therac 25 accidents part iii nancy leveson, university of washington clark s. It was involved in at least six accidents between 1985 and 1987, in which patients were given massive. A specification is a restricted form of requirement, providing enough information for the implementer to build the machine by programming. As noted earlier, the software for the therac 25 and therac 20 both evolved from the therac 6 software. Pdf computer software plays an important role in various industries to speed up processes and. The therac 25 accidents form the basis for what is often considered the bestdocumented software safety casestudy available. Stories about the therac 25 have appeared in trade journals, newspapers, people magazine, and on televisions 2020 and mcneil lehrer news hour.
Depending on whether the tumor was close to the skin or in deeper tissue, the therac 25 would operate in an electronbeam or xray mode. A common mistake in engineering, in this case and in many others, is to put too much confidence in software. Pdf importance of software quality assurance to prevent and. In manual mode, a radiotherapy technician would physically set up various.
Citeseerx an investigation of the therac25 accidents. Information and computer science, university of california, irvine, 1992 59 pages. This provided the economic advantage of delivering two kinds of therapeutic radiation with one machine. An investigation of the therac 25 accidents computer author.
After the tyler accidents, therac 20 users who had heard informally about the tyler accidents from therac 25 users conducted informal investigations to determine whether the same problem could occur with their machines. Moral responsibility for harm caused by computer system. The therac25 machine was a stateoftheart linear accelerator developed by. An investigation of the therac25 accidents nancy g.
Finally it investigates whether two key people involved in the therac25 case could reasonably be considered to have some degree of moral responsibility for the deaths and injuries. Therac25 radiation overdoses your expert root cause. The therac25 is a radiation therapy machine used during the mid80s. Therac 25 background medical linear accelerator developed by atomic energy of canada, ltd. Therac 6 and therac 20 had histories of clinical use without computer control therac 25 software had more responsibility for safety than in previous machines. Information and computer science, university of california, irvine, 1992. Thus, while the hardware interlocks on therac20 prevented software errors from causing problems, therac25 had no similar mechanism. Next, it provides information about the therac25, a computercontrolled medical linear accelerator, and its computer systems failures that led to deaths and injuries. A free powerpoint ppt presentation displayed as a flash slide show on id.
Requirements are located in the environment, which is distinguished from the machine to be built. On the surface, the primary reason that therac20 killed far fewer people than therac25 was the fact that therac20 had hardware interlocks, while therac25 did not. An investigation of the therac25 accidents citeseerx. After the tyler accidents, therac 20 users who had heard informally about the tyler accidents from therac25 users conducted informal investigations to determine whether the same problem could occur with their machines. In cases like the therac 25 the mechanism or event that creates an opportunity for. Although the authors warn against drawing any oversimplified conclusions from these complex accidents, it appears clear to me that the root cause was the omission from the therac25 of the hardware safety interlocks of its safely operated predecessor, the therac 20, and the devices dependence for these functions on poorly written, hardly.
What made therac 25 unique at the time of its use was the software. A usagemodel based approach to test therac25 sciencedirect. Therac25 case v3 free download as powerpoint presentation. Therac 25 case differs from the ch allenger explosion or the collapse of a bridge under metal fatigue. Although the authors warn against drawing any oversimplified conclusions from these complex accidents, it appears clear to me that the root cause was the omission from the therac25 of the hardware safety interlocks of its safely operated predecessor, the therac20, and the devices dependence for these functions on poorly written, hardly. The therac25 software disaster the therac25 is a computerized medical radiation therapy machine for cancer patients. Case study therac 25 page 1 of 3 therac 25 the therac 25 machine was a stateoftheart linear accelerator developed by the company atomic energy canada limited aecl and a french company cgr to provide radiation treatment to cancer patients. Therac25 aecl designed therac25 to use computer control from the start. Therac 25 aecl designed therac 25 to use computer control from the start.
Essay on the therac25 and its accident investigation instructor name school coursenumber june 2, 2015 introduction in 1983, a machine was released to help in the studentshare our website is a unique platform where students can share their papers in a matter of giving an example of the work to be done. On a second reading, they fill out worksheet one participant list as an electronic file, for later copies, which is a complete list of participants, both individuals. The big picture the therac25 was a computerized radiation therapy machine 11 machines were installed us and canada in 19851987 there were 6 known accidents where massive overdoses were made patients died or suffered serious injuries these were traced to race conditions in reading operator input unique early investigation of safetycritical. That document is part of an investigation of the therac25 accidents, published in ieee computer, vol. A thorough account of the therac25 medical electron accelerator accidents reveals previously unknown details and suggests ways to reduce risk in the future. Researchers who investigated the accidents found several contributing causes. What does nancy levesons classic analysis of the therac25 recommend. As a result, several people died and others were seriously injured. The therac 25 accidents and their causes are well documented in materials from the u. Although the authors warn against drawing any oversimplified conclusions from these complex accidents, it appears clear to me that the root cause was the omission from the therac 25 of the hardware safety interlocks of its safely operated predecessor, the therac 20, and the devices dependence for these functions on poorly written, hardly. An investigation of the therac25 accidents part ii. The therac25 accidents are the most healthy tissue. In the 1980s, a number of people were killed and injured by a flawed radiation therapy machine. An investigation of the therac25 accidents between june 1985 and january 1987, 6 known accidents involving massive.
The therac25 was a computercontrolled radiation therapy machine produced by atomic. Feb 17, 2014 the therac 25 accidents form the basis for what is often considered the bestdocumented software safety casestudy available. December 1985 patient in yakima wa receives overdose. The experience illustrates a number of principles that are vital to understanding how and why the design and analysis of safetycritical systems must be done in a methodical way according to established principles. The first mode consisted of an electron beam of 200 rads that was aimed at the patient directly. Aug 08, 2010 the therac 25 is a radiation therapy machine used during the mid80s. The ambition of these guidelines is to reflect the state of the art in accident investigation as well to address its future challenges. An investigation of the therac25 accidents computer author. Lawsuits were filed, and no investigations took place. Between june 1985 and january 1987, the therac25 medical electron accelerator was involved in six massive radiation overdoses. In cases like the therac25 the mechanism or event that creates an opportunity for. Essay on the therac 25 and its accident investigation instructor name school coursenumber june 2, 2015 introduction in 1983, a machine was released to help in the studentshare our website is a unique platform where students can share their papers in a matter of giving an example of the work to be done. A history of the introduction and shut down of therac25. An investigation of the therac25 accidents nancy leveson, university of washington clark s.
Importance of software quality assurance to prevent and reduce software failures in medical devices. From 1985 to 1987, the machine, called therac25, caused six accidents involving massive overdoses to patients, with resultant deaths and serious injuries. Nancy leveson and clark turner, the investigation of the therac25 accidents, computer, 26, 7 july 1993 pp 1841. The operators manual supplied with the machine does not explain.
The operators manual supplied with the machine does sitions the. The therac 25 software disaster the therac 25 is a computerized medical radiation therapy machine for cancer patients. A requirement is a condition over phenomena of the environment. An investigation of the therac 25 accidents nancy leveson, university of washington clark s. Every company building safetycritical systems should have. Worst series of radiation overdoses in over 35 years. Students thoroughly read the leveson and turner article, an investigation of the therac25 accidents ieee computer, vol. The therac25 accidents are associated with the nonuse or misuse of numerous system engineering practices, especially system verification and validation, risk management, and assessment and control. Turner, an investigation of the therac25 accidents, in ethics and computing. Published papers deal with medical, legal, economic, educational, behavioral, theoretical or empirical aspects of. Therac6 and therac20 had histories of clinical use without computer control therac25 software had more responsibility for safety than in previous machines. An investigation of the therac25 accidents, by nancy leveson, university of washington and clark s. Department of information and computer science authors. Software in the therac 6 and therac 20 was reused in the therac 25.
The therac25 software disaster essay 1293 words cram. Citeseerx document details isaac councill, lee giles, pradeep teregowda. The user manual did not explain or even address the error codes, so the operator pressed the. The therac25 was a computercontrolled radiation therapy machine produced by atomic energy of canada limited aecl in 1982 after the therac6 and therac20 units the earlier units had been produced in partnership with cgr of france it was involved in at least six accidents between 1985 and 1987, in which patients were given massive overdoses of radiation. The therac 25 was a computercontrolled radiation therapy machine produced by atomic energy of canada limited aecl in 1982 after the therac 6 and therac 20 units the earlier units had been produced in partnership with cgr of france. During the time span of june 1985 to january 1987, it was the source of six fatal or near fatal overdoses. It delivered two types of radiation beams, a lowpower electron beam and a highpower xray.
Resulted in 3 deaths and 3 cases of severe radiation related injuries. The therac 25, like other medical linear accelerators including its predecessors therac 6 and therac 20, used highenergy electron beams to destroy tumors without damaging nearby healthy tissue. After the tyler accidents, therac20 users who had heard informally about the tyler accidents from therac25 users conducted informal investigations to determine whether the same problem could occur with their machines. We use the term requirements to denote what are often called functional requirements. Food and drug administration fda and the canadian bureau of radiation and medical devices and in depositions associated with lawsuits brought against aecl. An investigation of the therac 25 accidents volumes 92108 of technical report university of california, irvine. Software in the therac6 and therac20 was reused in the therac25. The therac 25 accidents are the most serious computerrelated accidents to date at least nonmilitary and admitted and have even drawn the attention of the popular press.
The therac 25 machine was a stateoftheart linear accelerator developed by the company atomic energy canada limited aecl and a french company cgr to provide radiation treatment to cancer patients. With the aid of an onboard computer, the device could select multiple. These socalled accidents and mistakes are really just cases of human inattention. Nancy leveson and clark turner, the investigation of thetherac 25 accidents, computer, 26, 7 july 1993 pp 1841. Turner, university of california, irvine reprinted with permission, ieee computer, vol. Dec 11, 2017 in the 1980s, a number of people were killed and injured by a flawed radiation therapy machine. Pdf importance of software quality assurance to prevent. An investigation of the therac 25 accidents nancy g. An investigation of the therac25 accidents essay 10546. Ppt therac 25 powerpoint presentation free to view id. As noted earlier, the software for the therac25 and therac20 both evolved from the therac6 software. Therac 25 was a medical linear accelerator, a device used to treat cancer. Computers are increasingly being introduced into safetycritical systems and, as a consequence, have been involved in accidents. The therac25 and its accident investigation case study.
These results show that aecl was unacceptably slow in responding to reported incidents and fixing their product, a process which was primarily userdriven when more initiative and trust on the companys part. Safety investigation of accidents is a field which is improving and expanding. A detailed accident investigation, drawn from publicly available docu ments, can. View notes therac 25 from itm 407 at ryerson university. A specification is a restricted form of requirement, providing enough information for the implementer to build the machine by programming it. A detailed investigation of the factors involved in the softwarerelated overdoses and attempts by users, manufacturers, and government agencies to deal with the accidents is presented. I do not own any of the images, music, or videos used. A thorough account of the therac 25 medical electron accelerator accidents reveals previously unknown details and suggests ways to reduce risk in the future. On the surface, the primary reason that therac 20 killed far fewer people than therac 25 was the fact that therac 20 had hardware interlocks, while therac 25 did not. Ppt therac 25 powerpoint presentation free to view. What made therac25 unique at the time of its use was the software. Turner, university of california, irvine a thorough account of the therac25 medical electron accelerator accidents reveals previously unknown details and suggests ways to reduce risk in the future. Many lessons can be learned from this series of accidents.
Thus, while the hardware interlocks on therac 20 prevented software errors from causing problems, therac 25 had no similar mechanism. In this case on safety critical software, you will find that some. An investigation of the therac25 accidents computer. An investigation of the therac25 accidents stanford university. Therac25 case differs from the ch allenger explosion or the collapse of a bridge under metal fatigue. An investigation of the therac25 accidents essay 10546 words.
Computers are increasingly being introduced into safety critical systems and, as a consequence, have been involved in accidents. The therac 25 was the most computerized and sophisticated radiation therapy machine of its time. Professionalismtherac25 wikibooks, open books for an open. An updated version of the original accident investigation paper by nancy leveson i have updated and changed slightly the original accident report. The therac25 was the most computerized and sophisticated radiation therapy machine of its time.
Unfortunately, six accidents involving significant overdoses of radiation to. The therac25 machine was a stateoftheart linear accelerator developed by the company atomic energy canada limited aecl and a french company cgr to provide radiation treatment to cancer patients. Not only did the software ease the laborious setup process, but it also monitored the safety of the machine. Several fcatures of the therac 25 are important in understanding the acci dents.
230 1155 413 302 31 1295 768 1496 1398 267 119 93 1062 668 497 103 407 1465 751 850 1414 1038 808 351 1235 396 11 931 631 554 1072