An investigation of the Therac-25 accidents

  title={An investigation of the Therac-25 accidents},
  author={Nancy G. Leveson and Clark Savage Turner},
Between June 1985 and January 1987, the Therac-25 medical electron accelerator was involved in six massive radiation overdoses. As a result, several people died and others were seriously injured. A detailed investigation of the factors involved in the software-related overdoses and attempts by users, manufacturers, and government agencies to deal with the accidents is presented. The authors demonstrate the complex nature of accidents and the need to investigate all aspects of system development… 

Figures from this paper

Therac-25 and the security of the computer controlled equipment Ethics of Science and Technology ( WM 0314 IN )

Therac-25, a radiation treatment machine, massively overdosed 6 people because of a software error, and what went wrong in each of the 6 incidents is explained.

Medical Radiation-SEBoK

System and software engineering issues are presented relevant to the accidents associated with the Therac-25 medical linear accelerator that occurred between 1985 and 1988, which caused five deaths and serious injury to several patients.

Erroneous decay corrections in radiotherapy: a Year 2000 safety problem

To determine the potential impact of this problem on the radiotherapy department at Pretoria Academic Hospital, we investigated the computers and computer programs used for the purpose of radioactive

N 94-36495 ,-, , . Applying Formal Methods and uvject-Orlented Analysis to Existing Flight Software

Three objectives of the project were to demonstrate the use of formal methods on a shuttle application, facilitate the incorporation and validation of new requirements for the system, and verify the safety-critical properties to be exhibited by the software.

Concepts and techniques: active electronics and computers in safety-critical accelerator operation

  • R. Frankel
  • Computer Science
    Proceedings of 1994 IEEE Nuclear Science Symposium - NSS'94
  • 1994
Many of the techniques developed as part of the Access and Operational Safety systems designed for RHIC (and other recently completed large research accelerators) may be directly applicable to smaller research and clinical treatment facilities.

A Control System for a Radiation Therapy Machine

Notable features of the control system include construction based on standard hardware and software components connected by a network, a simple and efficient user interface, close integration with the treatment planning system, automated record keeping for patient quality assurance and machine maintenance, and ease of maintenance and upgrading.

Computer-related accidental death: an empirical exploration

Physical causes appear to be implicated in up to 4% of the deaths for which data were available, while 3% involved software error, and about 92% failures in human-computer interaction.

Evaluating software for safety systems in nuclear power plants

The research reported here has identified a number of positive and negative design factors that can serve as the basis for a safety assessment, and identifies the best current software development practices used in industry for safety-critical software.

An international review of patient safety measures in radiotherapy practice.




The infeasibility of experimental quantification of life-critical software reliability

This paper affirms that quantification of life-critical software reliability is infeasible using statistical methods whether applied to standard software or fault-tolerant software. The key

Software safety: why, what, and how

This survey attempts to explain why there is a problem, what the problem is, and what is known about how to solve it.

Risk in a Free Society1

Software safety in embedded computer systems

Operator) deposition in ETCC lawsuit

    XX. 1'0. 8. US Federal Food and [)rug A dministrati on

    • Radiological Health Blllle­ tin

    The Therac-25 Experience

    • Proc. Cun! Stale Radiation Cuntrul Pro­ gram Directors
    • 1987

    ACM. Feb

    • ACM. Feb
    • 1991

    Non-critical tasks include: • Checksum processor (scheduled to run periodically)