[Over a decade ago, a hospital in the Texas Medical Center killed several patients due to a firmware bug in a therapeutic radiation device. The bug was triggered only when a combination of certain valid, but rarely occurring, settings were selected in the device control software. When the bug was triggered the device delivered more than 100 times the intended dose of radiation, killing the patient. It took a while to figure out that it was a software bug, rather than operator error, that was producing the unintended & lethal result. Before investigators got a handle on this several patients had been killed and several others were seriously injured.]
‘Known Software Bug’ Disrupts Brain-Tumor Zapping By Kevin Poulsen Wired.com October 16, 2009 | 4:19 pm http://www.wired.com/threatlevel/2009/10/gamma/ The maker of a life-saving radiation therapy device has patched a software bug that could cause the system’s emergency stop button to fail to stop, following an incident at a Cleveland hospital in which medical staff had to physically pull a patient from the maw of the machine. The bug affected the Gamma Knife, a device resembling a CT scan machine that focuses radiation on a patient’s brain tumor while leaving surrounding tissue untouched. A patient lies down on a motorized couch that glides into a chamber, where 201 emitters focus radiation on the treatment area from different angles. The patient wears a specialized helmet screwed onto his skull to ensure that his head doesn’t move and expose the wrong part of the brain to the machine’s pinpoint tumor-zapping beams. Positioning is vital in the procedure, so when the couch moved out of position during a treatment at an university hospital in Cleveland last December, staffers hit the “emergency stop” button, expecting the couch to pull the patient out of the Gamma Knife, and the radiation shields at the mouth of the machine to automatically close. Instead, according to a report eventually filed with the Nuclear Regulatory Agency, nothing happened. “Staff had to manually pull out the couch from the Gamma Knife and manually close the doors to the Gamma Knife to shield the source,” reads the report, which states that neither the patient nor the workers were harmed. “Radiation exposure to all individuals involved with the incident was minimal.” When the hospital called the company that makes the Gamma Knife, it learned that there was a “known software bug problem” affecting the unit’s couch sensors. Known, anyway, to the company, Stockholm-based Elekta AB. “Elekta was aware of the software ‘bug’ at the time of the December 2008 event and had implemented actions to correct the ‘bug’ in a future software release,” says Thomas Valentine, director of quality assurance and regulatory affairs for the Elekta’s U.S. arm, in an e-mail. Since then, he adds, “The ‘bug’ has been corrected in software upgrades that have been implemented to all of the affected sites in the U.S. The U.S. NRC was notified of the completed status of software upgrades to correct the identified ‘bug’.” We don’t know why “bug” is in quotes; surely this wasn’t a feature. In any case, Valentine says the Ohio incident was the only one of its kind “in the U.S.,” and that the bug had been triggered by an unusual combination of events. It’s worth noting that Gamma Knife has been used to treat about half-a-million people without trouble. But the bug is another reminder that increasingly smart medical devices are susceptible to the same kind of programming errors that have long afflicted less critical applications. This week, the Los Angeles Times reported that Cedars-Sinai Medical Center made an error while tinkering with the settings on a hospital CT scan machine in February 2008, resulting in about 80 patients temporarily losing patches of hair due to radiation overdoses. The most notorious medical bug was a “race condition” in the software powering the Therac-25 medical accelerator in the 1980s, which resulted in three patients dying from radiation overdoses from 1985 to 1987. The far less serious Gamma Knife bug came to light in the medical community four months after the incident, after an inspector with the Ohio Department of Health spotted a discussion of the Cleveland incident in the minutes of the hospital’s radiation safety committee meeting. The hospital is not named in public filings, but had apparently failed to report the incident to the state, as required by law. The Department of Health went on to report the matter to the NRC, which in April alerted hospitals around the country in an e-mail to its medical mailing list. -- ================================ George Antunes, Political Science Dept University of Houston; Houston, TX 77204 Voice: 713-743-3923 Fax: 713-743-3927 Mail: antunes at uh dot edu *********************************** * POST TO [email protected] * *********************************** Medianews mailing list [email protected] http://lists.etskywarn.net/mailman/listinfo/medianews
