alert fatigue

Alert fatigue, also called alarm fatigue, is an instance where an overwhelming number of alerts causes an individual to become desensitized to them. Alert fatigue can lead to a person ignoring or failing to respond to a number of safety alerts. This may affect professions such as those in medical, technical or construction fields.

Alert fatigue occurs when an individual is exposed to a large volume of alerts on a frequent basis. The alarms may have different levels of importance, with many being inconsequential, which causes some of the more important alarms to go unnoticed. Alert fatigue also occurs when a system frequently sends out false alerts, causing individuals to ignore them and flag the alerts as false alarms. Alert messages may also reach several devices, such as by pager, email and mobile -- which may only compound the issue.

Being inundated with a high number of constant alerts can cause an organization's staff to ignore potentially important events. For example, in the healthcare field, clinicians could ignore alerts that are clinically unimportant, leading to missing more important alerts that could cause serious harm to patients. Alert fatigue can be a significant patient safety hazard due to the consequences of computerizing healthcare.

What causes alert fatigue?

Alert fatigue happens either when a worker becomes overwhelmed by numerous inconsequential alerts to the point where they begin ignoring them, or when a system sends out too many false alarms. Both situations can lead to workers beginning to ignore alerts by turning down the volume of audible alarms, adjusting alarm settings outside of safe parameters or ignoring alerts when they come up. If a cybersecurity system gives out many false or redundant alarms, then security analysts may begin treating them accordingly and assume most of the alerts are false. This could lead to a missed real alert, slow response times and potentially infected systems. Paying attention to all these alerts, however, can also lead to burnout.

What is alert fatigue in healthcare?

Clinicians receive many notifications from a variety of devices, such as phones, pagers or machine-specific alerts. Machine-specific alerts come from monitors, beds, bathroom alerts, ventilators, telemetry monitors, infusion pumps, pulse oximeters and feeding pumps. Generally, a nurse may have to oversee a minimum of around 12 different alarms -- and the number of alarms will only increase the sicker a single patient is. Nurses and doctors also have to care for multiple patients, meaning the number of alerts to manage can increase quickly.

A number of these alerts may be unimportant, meaning they can be ignored. However, clinicians may accidentally ignore a critical alarm that could cause harm if not properly heeded. The burnout from dealing with so many alerts could lead to mismanagement of a situation like this, which is how alert fatigue shows up in healthcare.

What is alert fatigue in cybersecurity?

Alert fatigue in cybersecurity takes the form of burnout in analytics. Managing too many alerts, alerting that isn't properly tuned or false positives can cause alert fatigue here. For example, many false positive security notifications can occur if the monitoring rules for an environment are poorly tuned. If a cybersecurity analyst knows this and decides to ignore what they think is a false positive, there's a chance they might miss a real threat.

It's not uncommon to have many cybersecurity alerts. However, having to sift through an abundance of security alerts manually may lead to one or more serious alerts falling through the cracks, whether that's due to fatigue or ignoring what an analyst may think is not important. Attempting to sift through every single security alert will waste many resources as well. To counter this, the use of automation is relatively common.

Additionally, if a cybersecurity analyst spends a lot of their time on false positives, then there is less time spent investigating real security threats.

Alert fatigue in cybersecurity causes subpar detection and responses to alerts of critical attacks.

How to deal with alert fatigue

Some general methods for managing alert fatigue can be applied to different fields, such as healthcare and cybersecurity. To combat alert fatigue in healthcare, workers should:

  • Increase specificity of alerts by reducing inconsequential alerts
  • Tier alerts. This can be set according to severity/alert priority. Alerts can be customized to notify workers in a particular way to help distinguish between alert types.
  • Consolidate redundant alerts.
  • Make alerts actionable. Vague alerts mean more time and energy need to go into figuring them out.
  • Have balanced schedules. Ensure a hospital has enough on-call workers so too many alerts don't fall on one person, as well as analyzing what times need more or less coverage and how frequently specific alerts happen.
  • Continuously review alerting. After a while, go over alerting again to find out if any alerts are missed, if thresholds are too high or low and if employees are desensitized to any of the alerts.

In cybersecurity, methods used to fight alert fatigue can include:

  • Tune alarm management. Have a well-defined tuning and alarm management policy. Ensure the policy is clear and well understood.
  • Include automation. Automation and machine learning are key to fighting off alarm fatigue. They help in aggregating and visualizing alerts to improve investigation speeds as well as response times to alarms.
  • Task rotation. Rotate tasks between reporting and alarms to break up workloads.
  • Time management. Set blocks of time for different alert or reporting tasks -- as long as the alerts that occur are not critical ones.
  • Have caution when adding new alerts. Be careful not to add too many that are similar to one another. Make sure newly added alerts route to the right people at the right time.
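
The consolidation, tiering and tuning review described in the lists above can be automated in a few lines. The following is an added example, not part of the original definition; the rule names, hosts, tier names, 10-minute window and false-positive threshold are all assumptions, and the sample alerts are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

TIER = {"critical": 0, "high": 1, "medium": 2, "low": 3}  # assumed tier names

# Constructed sample alerts: (timestamp, rule, host, severity, analyst verdict)
ALERTS = [
    ("2021-04-01T09:00:00", "port_scan", "web01", "low", "false_positive"),
    ("2021-04-01T09:01:00", "port_scan", "web01", "low", "false_positive"),
    ("2021-04-01T09:02:30", "port_scan", "web01", "low", "false_positive"),
    ("2021-04-01T09:03:00", "malware_beacon", "db02", "critical", "true_positive"),
    ("2021-04-01T09:30:00", "port_scan", "web01", "low", "true_positive"),
    ("2021-04-01T09:31:00", "failed_login", "vpn01", "medium", "false_positive"),
]

def consolidate(alerts, window=timedelta(minutes=10)):
    """Merge repeats of the same (rule, host) arriving within `window` of the previous repeat."""
    groups, open_group = [], {}
    for ts, rule, host, sev, _ in sorted(alerts):
        t = datetime.fromisoformat(ts)
        g = open_group.get((rule, host))
        if g and t - g["last"] <= window:
            g["count"] += 1
            g["last"] = t
            if TIER[sev] < TIER[g["severity"]]:  # keep the most severe tier seen
                g["severity"] = sev
        else:  # first sighting, or the quiet gap exceeded the window
            g = {"rule": rule, "host": host, "severity": sev,
                 "first": t, "last": t, "count": 1}
            groups.append(g)
            open_group[(rule, host)] = g
    return groups

def triage_queue(alerts, window=timedelta(minutes=10)):
    """Consolidated alerts ordered by tier, then by first occurrence."""
    return sorted(consolidate(alerts, window),
                  key=lambda g: (TIER[g["severity"]], g["first"]))

def noisy_rules(alerts, threshold=0.5, min_alerts=3):
    """Rules whose false-positive share exceeds `threshold`: candidates for tuning review."""
    total, fp = defaultdict(int), defaultdict(int)
    for _, rule, _, _, verdict in alerts:
        total[rule] += 1
        fp[rule] += verdict == "false_positive"
    return {r: fp[r] / total[r] for r in total
            if total[r] >= min_alerts and fp[r] / total[r] > threshold}
```

On the sample data, six raw alerts collapse to four queue entries with the critical one first, and `port_scan` is flagged for tuning rather than silently ignored.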

Some of these tips can apply in multiple fields, such as making sure alerts are tiered, specific and consolidated.

This was last updated in April 2021
