Advances in wireless communications, embedded systems, and integrated circuit technologies have enabled the wireless body area network (WBAN) to become a promising networking paradigm. Over the last decade, as an important part of the Internet of Things, we have witnessed WBANs playing an increasing role in modern medical systems because of its capabilities to collect real-time biomedical data through intelligent medical sensors in or around the patients' body and send the collected data to remote medical personnel for clinical diagnostics. WBANs not only bring us conveniences but also bring along the challenge of keeping data's confidentiality and preserving patients' privacy. In the past few years, several anonymous authentication (AA) schemes for WBANs were proposed to enhance security by protecting patients' identities and by encrypting medical data. However, many of these schemes are not secure enough. First, we review the most recent AA scheme for WBANs and point out that it is not secure for medical applications by proposing an impersonation attack. After that, we propose a new AA scheme for WBANs and prove that it is provably secure. Our detailed analysis results demonstrate that our proposed AA scheme not only overcomes the security weaknesses in previous schemes but also has the same computation costs at a client side.