When code can kill or cure

Staff | The Economist | June 2, 2012

Applying the “open source” model to the design of medical devices promises to increase safety and spur innovation

...This growing reliance on software causes problems that are familiar to anyone who has ever used a computer: bugs, crashes and vulnerability to digital attacks. Researchers at the University of Patras in Greece found that one in three of all software-based medical devices sold in America between 1999 and 2005 had been recalled for software failures. Kevin Fu, a computer science professor at the University of Massachusetts, calculates that such recalls have affected over 1.5m individual devices since 2002. In April researchers at McAfee, a computer-security firm, said they had found a way to get an implanted insulin pump to deliver 45 days’ worth of insulin in one go. And in 2008 Dr Fu and his colleagues published a paper detailing the remote, wireless reprogramming of an implantable defibrillator.

When software in a medical device malfunctions, the consequences can be far more serious than just having to reboot your PC. During the 1980s a bug in the software of Therac-25 radiotherapy machines caused massive overdoses of radiation to be delivered to several patients, killing at least five. America’s Food and Drug Administration (FDA) has linked problems with drug-infusion pumps to nearly 20,000 serious injuries and over 700 deaths between 2005 and 2009. Software errors were the most frequently cited problem. If buggy code causes a pump to interpret a single keystroke multiple times, for example, it could deliver an overdose.

Frustrated by the lack of co-operation from manufacturers, some academics now want to reinvent the medical-device industry from the ground up, using open-source techniques. In open-source systems, the source code is freely shared and can be viewed and modified by anyone who wants to see how it works or build an improved version of it. Exposing a design to many hands and eyes, the theory goes, results in safer products. This seems to be the case for desktop software, where bugs and security flaws in open-source applications are typically fixed much more quickly than those in commercial programs...