With the rapid growth of wireless medical sensor networks (WMSNs) based healthcare applications, protecting both the privacy and security from illegitimate users, are major concern issues since patient’s precise information is vital for the proper diagnosis procedure. So, authentication protocol is one of the efficient mechanisms to deal with trustworthy and authentic users. Several authentication protocols have been proposed in WMSNs environment. However, the most of these protocols are so susceptible to security threats and not suitable for practical use. In this article, recently proposed Amin et al.’s authentication scheme is reviewed and some vulnerabilities like off-line password guessing attack, user impersonation attack, known session-key temporary information attack, the revelation of secret parameters, and identity guessing attack are pointed out. To overcome all the above mentioned vulnerabilities, we have proposed an enhanced three-factor based remote user authentication protocol in WMSNs environment. Further, the proposed protocol is validated using Burrows–Abadi–Needham logic and then simulated using Automated Validation of Internet Security Protocols and Applications tool. Moreover, the security analysis ensures that the proposed protocol is well protected from various types of malicious attacks. In addition, the performance evaluation shows better efficiency and suitability of our protocol over other related protocols. © 2018, Springer-Verlag GmbH Germany, part of Springer Nature.