Securing telehealth IoT infrastructure is essential to provide high-level medical care and prevent cyberattacks. A vulnerable stage in IoT telehealth is while the patient is being transported to a healthcare facility, the transporter could be an ambulance or an air ambulance. In this paper, we propose a multifactor authentication scheme to secure the system when the patient is in transit to the healthcare facility. We apply this scheme to an ambulance, using physical unclonable functions (PUFs) embedded in the ambulance to facilitate authentication and secure key exchange. We validated the security of the proposed scheme using formal and informal security analysis. The analysis supports our claim that the proposed scheme protects against many types of attacks.