The Internet of Medical Things (IoMT) is a novel paradigm that plays a significant role in healthcare applications. The Patient’s healthcare information is gathered, and remotely monitored through these IoMT systems. Hence, patients will get proper medical care and other emergency services to enhance survival and control morbidity. However, the patient’s data which is transferred between the devices through an insecure channel should be prevented against security threats and attacks. Therefore, secure authentication and key management schemes play an important part in IoMT communications. On the other hand, while considering the resource-constrained devices used in IoMT systems it is necessary to propose lightweight authentication schemes. In this paper, we have proposed a secure lightweight authentication scheme (LAS) for IoMT based healthcare systems. According to LAS, all the devices have to be registered and should approved by a central authority but in the authentication and communication phases, the devices can establish peer-to-peer communication without the intervention of a central authority. Furthermore, the privacy of the communicating parties is preserved by implementing hash based pseudo-identification method. In this paper, we have done the formal security analysis using BAN logic, the ROR model, and the Scyther tool. The informal security analysis is also shown proof of the resilience capabilities of LAS on various other well-known threats and attacks. Moreover, the proposed LAS is implemented using NS3 simulator to analyze its network performance such as End-to-End delay, Packet Loss Rate, and throughput. Lastly, the performance of the proposed scheme is also evaluated in terms of computational and communication costs. As per the result, the proposed LAS outperformed well when compared with other lightweight authentication schemes.