"Inadequate Investigation or Followup on Accident Reports. Every company building safety-critical systems should have audit trails and analysis procedures that are applied whenever any hint of a problem is found that might lead to an accident." p. 47The lesson being that you have to have built-in audit, reporting, transparency, and user visibility for reputation.
"Government Oversight and Standards. Once the FDA got involved in the Therac-25, their response was impressive, especially considering how little experience they had with similar problems in computer-controlled medical devices. Since the Therac-25 events, the FDA has moved to improve the reporting system and to augment their procedures and guidelines to include software. The input and pressure from the user group was also important in getting the machine fixed and provides an important lesson to users in other industries." pp. 48-49
Remember, most of those 99,000 deaths a year from medical errors aren't due to control of complicated therapy equipment:
Saying we shouldn't deal with this prescription problem because of Therac-25 is like saying the average human shouldn't fly on the Space Shuttle because it's too dangerous, therefore we shouldn't engineer airliners.
Especially considering the VA has been using CPOE for years now, greatly reducing the problem, so we have a very large pilot program that works. Since adopted by Mayo Clinic. And now spreading into the rest of the medical industry, with a lot of work going on all of audit, reliability, and ease of use among multiple competing vendors. All of whom presumably know about Therac-25.