In recent years, with the advent of communication technologies, healthcare sensing and remote monitoring have evolved significantly to address almost all current e-health challenges. As a result, Internet of Medical Things (IoMT)-based applications have emerged. However, security and privacy are the primary concerns, because vast numbers of devices are connected and communicate over a wireless environment. The direct involvement of humans in IoMT-based healthcare applications makes robust and secure communication among the sensors, actuators, and patients important. To this end, we propose a novel security framework for the Message Queuing Telemetry Transport (MQTT) protocol, which is based on publish/subscribe messaging and is suitable for the constrained, small devices used in IoMT. In this paper, we propose a lightweight hyper elliptic curve-multiple shared key algorithm that derives session keys used to encrypt and decrypt health readings from the sensors attached to the patient's body. A comparative performance analysis shows that the proposed method outperforms existing techniques in computational time, reducing the computational times of the broker and the producer/subscriber by 0.084 and 0.0168, respectively, compared with the best-performing existing method (Malina et al.). Finally, the security analysis shows that the proposed framework is secure against physical attacks, key control, machine-in-the-middle (MITM), non-repudiation, replay, and naming-based attacks.