Internet of Health Things (IoHT) is a hot topic of research presently, which provides a reliable and intelligent healthcare system for monitoring the physical conditions of the patients over the Internet from anywhere and anytime. The ease of time-independent interaction from geographically remote areas is a core advantage of the IoHT system, which offers preventive or proactive healthcare facilities at a lower cost. IoHT communication, on the other hand, is usually carried out with a range of low-power biomedical sensors, rendering them vulnerable to cyber-attacks and incompatible with traditional cryptographic techniques. The most critical security concern in IoHT is ensuring the authenticity of patients' health-related messages sent over the internet. Other key concerns include receiver anonymity and forward security, which means that only the sender knows the identities of the recipients. As a result, even if the private key of senders compromised, the adversary will be unable to decrypt the ciphertext. Existing signcryption schemes that employ certificateless cryptography for the healthcare system failed to guarantee both receiver anonymity and forward security simultaneously. Therefore, in this article, we propose an anonymous certificateless signcryption scheme for IoHT applications, which is based on the notion of the Hyperelliptic Curve (HEC) cryptosystem to satisfy these security requirements. The proposed scheme guarantees formal security analysis for confidentiality, unforgeability, and receiver anonymity using the Random Oracle Model (ROM). The results authenticate that the proposed scheme improves security while lowering computation and communication costs.INDEX TERMS Internet of things, IoHT, security, signcryption, hyperelliptic curve cryptosystem, random oracle model.