The Therac Episodes

Medical Linear Accelerators (lincacs) acclerate electrosn to create high energy beams which can destroy tumors w/out harming surrounding tissue.
To reach deeper, X-rays may be used.
In the 1970's, Atomic Energy of Canada Ltd (AECL) and a French firm (CGR), collaborated to bulid linacs.
They built:
- Therac 6: a 6 million electron volts (MeV) XRay only
- Therac 20: 20 MeV, dual mode (Xray and and electron)
These were improved versions of earlier CGR machines -- they used a PDP11 for control.
Alone, AECL developed the Therac 25.

Unlike the others, it could not function as a stand alone machine -- it needed the software. It relied on software and took advantage of the power of the computer to control hardware, thus avoiding the expense of hardware safetwy mechanisms and interlocks.

Some software from the the various machines was interrelated and reused.
For the March 1983 final safety report, AECL made the following assumptions:
1. Programming errors are reduced by extensive testing on a hardware simultaor and in the fieled.
2. Program software does not degrade due to wear, fatigue, or reproduction process.
3. Computer execution errors are caused by faulty hardware and random errors due to the radiation.
11 units were installed -- 5 in the US, 6 in Canada.
Six accidents involving massive overdoses occured between 1985 and 1987, when it was recalled for extensive design changes.

Kennestone Regional oncology Center, 1985
- woman undergoing a lumpectomy
- unit had been oprating for about 6 months, others around the continent since 1983 treatment
- complained of a burn. w/in a few days her shoulder was paralyzed and she was experiencing spasms. Two weeks later she started sloughing off layers of skin. She had a radiation burn.
- Estimate that she recieved 15,000 - 20,000 rads (radiation absorbed dose).
- Typical dose is 200 range. 1000 can be fatal if delivered body wide, 500 rads will result in death in 50% of cases.
- Doctors failed to recognize it b/c they had never seen such an extreme case.
- Eventaully removed breast.
Ontario Cancer Foundation, 1985
- In use for 6 months already
- Operator received cryptic message, (H-tilt) treatement paused.
- Not unusual, resumed treatment. Did this several times.
- Patient died four months later after receiving 13-17,000 rads.
Yakima Velley Memorial Hospital, 1985

unit had been modified in Sept in response to Hamilton (ontario).
In December a woman came in and she received striped burns, but blocking tray was discraded.
Developed a chronic skinulcer, tissue necrosis (death) under the skin, and constaint pain. Still alive.

Well documented due to Fritz Hager, hopital physicist.
500 patients over more than 2 yrs.
patient to receive 180 rads over 10/17 cm on back. (total of 6000 rads over 6 1/2 weeks)
quick typing, made mistake
malfunction 54 and pause, so she resumed
operator isolated from patient.
patient had attempted to leave when he felt something go wrong with first attempt, received second wave on his arm.
actually received 16,500-25000 rads in less than 1 second over an area of 1cm
left arm paralyzed, nasea, radiation induced myelitis of cervical cord, parlaysis in left arm and both legs, unable to speak. other problems.
Died within 5 months.

same technician, same techinical problems.
patient dies within 3 weeks, high dose radiation injury to the right temporal lobe of the brain and the brain stem. (about 25000 rads)

Yakima Valley Memorial Hospital, January 1987
- patient to receive 86 rads
- hand calibration
- actually received 8000-10000 rads
- patient died in April

accidents involve a web of interactions
human error is not a useful label -- everything can be labeled human error
if software is ascribed as the cause, then we are forced to conclude the only way to prevent such accidents is to use perfect software or use no software.
systems engineering -- can't build in an overdependence on any one aspect. In this sense, look at software as a whole as just one aspect.
no cheks, only patient reactions
software engineering
- there were coding erros, usually just design
- assumptions about off the shelf software -- awkward and dangerous designs, no guarantee of safety.
- record resigns for decisions
users found problems
companies listen to users
FDA knows of less than 1% of all deaths
USAF program

Last modified: Thursdy, 2 April 1998