Due to the inherent openness of the Internet of Things (IoT), e-health systems that utilize this technology on a broad scale are susceptible to network attacks. The propose black and white box traceable multi-authority ciphertext policy attribute-based encryption scheme (BWMABE) that combines black and white box accountability with ciphertext policy attribute-based encryption (CP-ABE) to improve data security in e-health systems. The proposed BWMABE scheme enhances security by enabling traceable permissions leakage and employs distributed attribute and key management across multiple authorities. By outsourcing the decryption process to cloud service providers, the proposed BWMABE significantly reduces the computational burden on end-users, making it suitable for lightweight IoT devices with limited computing power. Compared to previous traceable CP-ABE methods, the proposed BWMABE requires less computational effort while supporting both black box and white box traceability. By means of thorough security analysis and performance assessment, the proposed BWMABE has been validated to provide robust security and high efficiency, demonstrating its effectiveness in protecting e-health systems.