Wireless body area networks and medical servers exchange sensitive and private patient data that should be protected from malicious entities. To achieve this, numerous security solutions have been presented in literature. However, some of these security protocols have many security vulnerabilities that expose the wireless body area networks to attacks. In addition, the high computation, storage and communication overheads in some of the current schemes render them unsuitable for resource constrained sensor hubs. As such, the protection of exchanged packets is necessary but challenging. In this paper, a protocol that leverages on elliptic curve cryptography and pseudonyms is developed to address some of these issues. The protocol is demonstrated to be secure under the Burrows–Abadi–Needham (BAN) logic. In addition, it is shown to be resilient against some typical attacks models in wireless body area networks. Moreover, its computation and communication complexities are the lowest among other related scheme.