Internet of Medical Things (IoMT) is an application-specific extension of the generalized Internet of Things (IoT) to ensure reliable communication among devices , designed for the medical industry. However, a challenging issue associated with these networks, i.e., IoMT and IoT, is to ensure the authenticity of both source and destination modules and further guarantee the integrity of the multimodal data in the emergencies such as the COVID-19 pandemic. Various mechanisms for device authentication have been presented in the literature to resolve both devices and data’s authenticity, integrity, and privacy. Still, authentication of mobile device-to-server (in both homogeneous and heterogeneous IoMT) is not explicitly addressed for the black-hole attack. In this article, a device-to-server and vice versa mutual authentication scheme are presented to ensure secure communication sessions among numerous mobile devices and server in the operational IoMT. The proposed scheme is a hybrid of medium access control (MAC) and enhanced on-demand vector (EAODV)-enabled routing schemes. In the proposed scheme, an offline phase is introduced to complete the registration process of member devices with the concerned server module. It blocks every possible entry of the potential intruder devices in the operational IoMT. A mobile device interested in initiating a communication session with a particular server is needed to pass the mutual authentication process. As a result, only registered devices are allowed to communicate. Additionally, a reliable encryption and decryption scheme is used to ensure data reliability during these communication sessions. Simulation results verify the exceptional performance of the proposed mutual authentication scheme in terms of authenticity, security, and integrity of both devices and data in the operational IoMT.