As one of the important applications of Internet of Health Things (IoHT) technology in the field of healthcare, wireless body area network (WBAN) has been widely used in medical therapy, and it can not only monitor and record physiological information but also transmit the data collected by sensor devices to the server in time. However, due to the unreliability and vulnerability of wireless network communication, as well as the limited storage and computing resources of sensor nodes in WBAN, a lot of authentication protocols for WBAN have been devised. In 2021, Alzahrani et al. designed an anonymous medical monitoring protocol, which uses lightweight cryptographic primitives for WBAN. However, we find that their protocol is defenseless to off-line identity guessing attacks, known-key attacks, and stolen-verifier attacks and has no perfect forward secrecy. Therefore, a patient monitoring protocol for WBAN in IoHT is proposed. We use security proof under the random oracle model (ROM) and automatic verification tool ProVerif to demonstrate that our protocol is secure. According to comparisons with related protocols, our protocol can achieve both high computational efficiency and security.