Last time on History’s Biggest Software Fails we looked at The Heartbleed Bug, which has been dubbed “perhaps the worst vulnerability found on the internet”. Despite its wide reach and devastating effects for the online world, there are some software bugs that end up having such severe consequences that they can be measured in human lives. Today, we investigate how one such bug claimed the lives of at least five people and left over fifteen others with severe health complications:
In November 2000 at the National Cancer Institute in Panama twenty-eight patients were exposed to dangerous levels of radiation due to a series of faulty calculations caused by a lack of proper software testing. Cobalt-60 therapy is the use of gamma rays from radioisotopes to treat malignant tumors. The machines have been in use since 1951 and are still widespread around the world today. While there are other alternatives, they tend to be easier to maintain while still being relatively reliable. Typically, a doctor formulates a treatment plan on what dose of gamma radiation can be safely directed at a patient’s tumor. They then hand this plan over to medical physicists who input all the relevant data into a software package and create 3D pictures of how the doses should be distributed. A part of this process is figuring out how to place metal shields that protect sensitive tissue and cover the area where the tumor is located. The shields are usually made out of lead or metal alloy that provides protection from gamma rays.
The Cobalt-60 machine in Panama was overused and under maintained due to a lack of proper funding as well as understaffing issues. For this reason, some of the physicists were motivated to test a new method on how to align the shields in the hopes of not only making the entire process easier but also providing extra protection for their patients. Instead of applying the usual four blocks, they implemented a fifth one with no objections from the software or the accompanying manual and noticed that they were even able to create composite shapes, such as a rectangle with triangles in each corner, in the 3D pictures of the shields. However, what they didn’t expect was that the addition of the extra block as well as the fact that the software was unable to accurately recognize the shapes would lead to a miscalculation of treatment times. Therefore, depending on the amount of treatments a patient received, they were subjected to radiation levels 20 to 100% more than the prescribed dose putting them well into dangerous zones of exposure.
The final death toll attributed to the software error was five lives, with fifteen more being diagnosed as suffering from serious complications. In addition, the physicists were charged with involuntary manslaughter for applying “super-radiation” to twelve of the patients and sentenced to four years in prison. However, the patients who survived the disaster were convinced that Multidata Systems, the developers of the software, were in part responsible due to the bug that caused the miscalculations in the first place. One of the arguments for Multidata’s involvement is that the physicists should never have been able to deviate from what is possible for the software to process in the first place or if they did the consequences should have been tested. This led to Multidata Systems facing multiple lawsuits in two different countries.
Unfortunately, the Cobalt-60 disaster isn’t the only instance where patients have been over radiated due to computer failure. A well-known example of this is the Thermac-25 case which claimed three lives. When software has the capability of controlling the outcome of a person’s life, be it medical treatment or even advanced warfare, it is of utmost importance that there is virtually no margin of error. Therefore, due to the severe consequences faced by all parties involved in this tragedy, the Cobalt-60 disaster is a somber reminder of the importance of software testing, especially when dealing with technology that has the ability to destroy lives.