Recently, with the help of remote continuous healthcare monitoring technique, elderly people with chronic medical conditions can receive therapeutic service at home or at local community without going to hospitals. Wireless sensor networks promise to revolutionise the healthcare model by allowing inexpensive, non-invasive, continuous and ambulatory healthcare monitoring devices with almost real-time updates of medical records via the Intranet/Internet. The medical data of an individual is very personal, sensitive and should be kept in a reliable and authorised entity. However, the vital personal signals transmitting in the networks cannot be prohibited to be eavesdropped during the wireless communications. Worse still, the adversary could even actively modify, inject or spoof the private vital medical data. To address the issues of system security, a hybrid key management based on elliptic curve cryptography is proposed to protect sensitive data in these stringent resource-constrained devices. In order to protect data, two modified Feistel algorithms are introduced and compared with data encryption standard (DES). At the same time, a healthcare monitoring prototype has been implemented for testing the security mechanisms by using blood oxygen level (SpO2) physiological sensor module and MICAz nodes.