E-health aims to use information and communication technologies to improve the health of citizens, the productivity and efficiency of healthcare delivery, and the social and economic value of health. It encompasses the various interoperability approaches and mechanisms of health services, products and processes, combined with organizational changes in healthcare systems, with regard to interactions between patients and health-service providers, institution-to-institution data-transmission, or peer-to-peer communication between patients and/or health professionals. Since the inappropriate use or misuse of medical information can lead to undesirable outcomes, medicine and health are considered to be very sensitive areas of human life and work. It is therefore important to implement security policies, practices and procedures, as well as cyber security and defense technologies, which help to protect e-health systems against attacks, to detect abnormal activities, and to establish proven contingency plans. This work presents a framework for the security assessment of national e-health systems, which considers country-level practices and perspectives on cyber defense, information security and data protection in e-health in a holistic manner. The framework covers assessment criteria: from national security and critical infrastructures to personal data protection and user and information privacy, and various cyber security aspects in government-to-government, government-to-citizen and government-to-business categories of the e-government ecosystem. Security assessment criteria are grouped and analyzed through four interoperability aspects: legal, technical, semantic and organizational. The security assessment framework was validated and established on the Croatian e-health system, and its advantages and limitations are identified.