Alert fatigue, also called alarm fatigue, occurs when an overwhelming number of alerts causes an individual to become desensitized to them. Alert fatigue can lead to a person ignoring or failing to respond to a number of safety alerts. This may affect professions such as those in medical, technical or construction fields.
Alert fatigue occurs when an individual is exposed to a large volume of alerts on a frequent basis. The alarms may have different levels of importance, with many being inconsequential, causing some of the more important alarms to go unnoticed. Alert fatigue also occurs when a system sends out false alerts frequently, causing individuals to ignore them and flag the alerts as false alarms. Alert messages may also reach several devices, such as pager, email and mobile, which may only compound the issue.
Being inundated with a high number of constant alerts can cause an organization's staff to ignore potentially important events. For example, in the healthcare field, clinicians could ignore alerts that are clinically unimportant, leading to missing more important alerts that could cause serious harm to patients. Alert fatigue can be a significant patient safety hazard due to the consequences of computerizing healthcare.
What causes alert fatigue?
Alert fatigue happens either when a worker becomes overwhelmed by numerous inconsequential alerts to the point where they begin ignoring them, or when a system sends out too many false alarms. Both situations can lead to workers beginning to ignore alerts by turning down the volume of audible alarms, adjusting alarm settings outside of safe parameters or ignoring alerts when they come up. If a cybersecurity system gives out many false or redundant alarms, then security analysts may begin treating them accordingly and assume most of the alerts are false. This could lead to a missed real alert, slow response times and potentially infected systems. Paying attention to all these alerts, however, can also lead to burnout.
What is alert fatigue in healthcare?
Clinicians receive many notifications from a variety of devices, such as phones, pagers or machine-specific alerts. Machine-specific alerts come from monitors, beds, bathroom alerts, ventilators, telemetry monitors, infusion pumps, pulse oximeters and feeding pumps. Generally, a nurse may have to oversee a minimum of around 12 different alarms -- and the number of alarms will only increase the sicker a single patient is. Nurses and doctors also have to care for multiple patients, meaning the number of alerts to manage can increase quickly.
A number of these alerts may be unimportant, meaning they can be ignored. However, clinicians may accidentally ignore a critical alarm that could cause harm if not properly heeded. The burnout from dealing with so many alerts could lead to mismanagement of a situation like this, which is how alert fatigue shows up in healthcare.
What is alert fatigue in cybersecurity?
Alert fatigue in cybersecurity takes the form of burnout in analytics. Managing too many alerts, alerting that isn't properly tuned or false positives can cause alert fatigue here. For example, many false positive security notifications can occur if the monitoring rules for an environment are poorly tuned. If a cybersecurity analyst knows this and decides to ignore what they think is a false positive, there's a chance they might miss a real threat.
It's not uncommon to have many cybersecurity alerts. However, having to sift through an abundance of security alerts manually may lead to one or more serious alerts falling through the cracks, whether that's due to fatigue or ignoring what an analyst may think is not important. Attempting to sift through every single security alert will waste many resources as well. To counter this, the use of automation is relatively common.
Additionally, if a cybersecurity analyst spends a lot of their time on false positives, then there is less time spent investigating real security threats.
Alert fatigue in cybersecurity causes subpar detection and responses to alerts of critical attacks.
How to deal with alert fatigue
Some general methods for managing alert fatigue can be applied to different fields, such as healthcare and cybersecurity. To combat alert fatigue in healthcare, workers should:
- Increase specificity of alerts by reducing inconsequential alerts.
- Tier alerts. This can be set according to severity/alert priority. Alerts can be customized to notify workers in a particular way to help distinguish between alert types.
- Consolidate redundant alerts.
- Make alerts actionable. Vague alerts mean more time and energy need to go into figuring them out.
- Have balanced schedules. Ensure a hospital has enough on-call workers so too many alerts don't fall on one person, and analyze what times need more or less coverage and how frequently specific alerts happen.
- Continuously review alerting. After a while, go over alerting again to find out if any alerts are missed, if thresholds are too high or low and if employees are desensitized to any of the alerts.
In cybersecurity, methods used to fight alert fatigue can include:
- Tune alarm management. Have a well-defined tuning and alarm management policy. Ensure the policy is clear and well understood.
- Include automation. Automation and machine learning are key to fighting off alarm fatigue. They help in aggregating and visualizing alerts to improve investigation speeds as well as response times to alarms.
- Task rotation. Rotate tasks between reporting and alarms to break up workloads.
- Time management. Set blocks of time for different alert or reporting tasks -- as long as the alerts that occur are not critical ones.
- Use caution when adding new alerts. Be careful not to add too many that are similar to one another. Make sure newly added alerts route to the right people at the right time.
Some of these tips can apply in multiple fields, such as making sure alerts are tiered, specific and consolidated.
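The consolidation and tiering steps listed above can be automated before alerts reach an analyst. The following is an added example, not part of the original article: it merges repeated alerts for the same rule and host into one incident and routes each incident by severity. The rule names, hosts, 15-minute window and routing policy are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample alerts (rule, host, severity, time); not real telemetry.
SAMPLE = [
    ("ssh-bruteforce", "web01", "high",     "2024-01-01T10:00:00"),
    ("ssh-bruteforce", "web01", "high",     "2024-01-01T10:02:00"),
    ("ssh-bruteforce", "web01", "high",     "2024-01-01T10:04:00"),
    ("disk-usage",     "db01",  "low",      "2024-01-01T10:05:00"),
    ("malware-hash",   "hr-07", "critical", "2024-01-01T10:06:00"),
    ("disk-usage",     "db01",  "low",      "2024-01-01T10:20:00"),
    ("ssh-bruteforce", "web01", "high",     "2024-01-01T11:30:00"),
]

# Assumed tiering policy: severity decides how loudly the incident is delivered.
ROUTES = {"critical": "page", "high": "ticket", "medium": "ticket", "low": "digest"}
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def consolidate(alerts, window=timedelta(minutes=15)):
    """Merge alerts sharing (rule, host) that fire within `window` of the
    previous one into a single incident carrying a repeat count."""
    latest = {}      # (rule, host) -> most recent incident for that key
    incidents = []
    for rule, host, sev, ts in sorted(alerts, key=lambda a: a[3]):
        t = datetime.fromisoformat(ts)
        cur = latest.get((rule, host))
        if cur and t - cur["last"] <= window:
            cur["count"] += 1
            cur["last"] = t
            if RANK[sev] < RANK[cur["severity"]]:
                cur["severity"] = sev   # an incident keeps its worst severity
        else:
            cur = {"rule": rule, "host": host, "severity": sev,
                   "first": t, "last": t, "count": 1}
            latest[(rule, host)] = cur
            incidents.append(cur)
    return incidents

def triage(alerts):
    """Return (channel, rule, host, count) rows, most severe first."""
    incidents = consolidate(alerts)
    incidents.sort(key=lambda i: (RANK[i["severity"]], i["first"]))
    return [(ROUTES[i["severity"]], i["rule"], i["host"], i["count"])
            for i in incidents]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Seven raw alerts become four incidents, with the single critical one at the top of the queue instead of buried among repeats.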