Katy Yarbrough, a vivacious 61-year-old Georgia manicurist, was determined not to let the discovery of a cancerous lump in her left breast take control of her life. She recovered quickly from a lumpectomy, braved chemotherapy and hair loss and was halfway through a schedule of daily radiation treatments. With the end of the ordeal in sight, her spirits were high on June 4, 1985.
Like so many times before, she arrived at the clinic in Marietta, Ga., for her regular radiation dose. And like so many times before, the technician carefully positioned her under the cancer center's $1 million radiation therapy machine and left the room to activate the beam.
But this time, something was horribly different. "There was a terrible burn," Yarbrough recalled in an interview before her recent death in a car accident. "It was like somebody took a hot pipe and stuck it through my shoulder."
Burned by radiation 100 times more potent than prescribed, Yarbrough was partially paralyzed. For years she suffered such excruciating pain that she couldn't sleep for more than 30 minutes at a stretch.
That Yarbrough survived the radiation burn was something of a miracle. At least two people treated in Texas with the same machine model, the Therac 25, died shortly after receiving extreme doses of radiation.
A Food and Drug Administration study attributed those two accidents to an unfortunate combination of human and computer error. Though the human operators immediately corrected their mistakes, flaws in the design of the software left the computer unable to recognize and react to the corrections. An FDA official said he suspects that Yarbrough's accident was caused by the same problem that occurred in the Texas cases but cannot prove it.
Each Therac 25 is capable of delivering either X-ray or electron-beam therapy.
Leaving Yarbrough alone in the treatment room on that spring day, the operator went to her computer terminal and typed into the system the particulars of the treatment she desired -- the kind of radiation, energy level, dosage and so forth.
Based on the treatment details entered on the computerized form, the Therac 25 consults a pre-programmed table in the software that sets the appropriate beam current. If X-ray therapy is to be used, a much higher current beam passes through a tungsten target that converts the electron beam to X-rays.
In both Texas cases, according to the FDA, the operator selected X-ray rather than electron treatment, and the Therac software began telling the machine to prepare the appropriate high-current beam and other particulars for X-rays. It also put the target in place.
The operators noticed their errors, but when they corrected it, they created a circumstance the software wasn't designed to handle. The result: The target was gone but the current remained high, and the machine sent out a crippling high-intensity burst, searing the human tissue in its path.
In analyzing the accidents, the Canadian manufacturer, Atomic Energy of Canada Ltd., uncovered two flaws. Due to what it called an error in the way the software was written, one part of the program wasn't able to react properly to the changes the technician was making at the keyboard.
A portion of the software "turned its back on the world for a while," said Walter Downs, the manufacturer's quality assurance chief at the time of the accidents. "When it turned back, it had missed the show."
In addition, the software lacked a "just-in-case" check for changes before allowing the operator to start the beam.
The Therac incidents shook the medical-equipment community into action. Manufacturers launched drives to instill more discipline into their software design processes. They tested religiously for worst-case scenarios.
But problems persist. In fact, software-related recalls of medical devices, having tripled since 1984 to 34 last year, afflict a wide variety of equipment, from ultrasound imaging systems to infusion pumps used with intravenous systems.
Of particular concern to the FDA is that changes in software, unless carefully documented, can go unnoticed until they set off an unexpected chain of events.
FDA inspections have disclosed, for example, that poorly developed and maintained blood-bank computer systems have caused the destruction of donor records and contributed to the mistaken release in 1988 of blood tainted with the AIDS virus and hepatitis.
In the case of one firm that sold computer systems to blood banks, Kontron Instruments of Everett, Mass., the FDA alleged a wide range of inadequate testing and record-keeping, including the installation of revised blood bank software without documenting potential ripple effects.
Kontron, while disputing that its practices were inadequate, recalled its product last fall.